1 /* $OpenBSD: libcrux_mlkem768_sha3.h,v 1.2 2024/10/27 02:06:01 djm Exp $ */
2
3 /* Extracted from libcrux revision 84c5d87b3092c59294345aa269ceefe0eb97cc35 */
4
5 /*
6 * MIT License
7 *
8 * Copyright (c) 2024 Cryspen
9 *
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
16 *
17 * The above copyright notice and this permission notice shall be included in all
18 * copies or substantial portions of the Software.
19 *
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
26 * SOFTWARE.
27 */
28
29 #if !defined(__GNUC__) || (__GNUC__ < 2)
30 # define __attribute__(x)
31 #endif
32 #define KRML_MUSTINLINE inline
33 #define KRML_NOINLINE __attribute__((noinline, unused))
34 #define KRML_HOST_EPRINTF(...)
35 #define KRML_HOST_EXIT(x) fatal_f("internal error")
36
37 /* from libcrux/libcrux-ml-kem/cg/eurydice_glue.h */
38 /*
39 * SPDX-FileCopyrightText: 2024 Eurydice Contributors
40 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
41 *
42 * SPDX-License-Identifier: MIT or Apache-2.0
43 */
44
45 #pragma once
46
47 #if defined(__cplusplus)
48 extern "C" {
49 #endif
50
51
52
53 // SLICES, ARRAYS, ETC.
54
55 // The MSVC C++ compiler does not support compound literals.
56 // This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++
57 // compiler.
58 #if defined(__cplusplus)
59 #define CLITERAL(type) type
60 #else
61 #define CLITERAL(type) (type)
62 #endif
63
64 // We represent a slice as a pair of an (untyped) pointer, along with the length
65 // of the slice, i.e. the number of elements in the slice (this is NOT the
66 // number of bytes). This design choice has two important consequences.
67 // - if you need to use `ptr`, you MUST cast it to a proper type *before*
68 // performing pointer
69 // arithmetic on it (remember that C desugars pointer arithmetic based on the
70 // type of the address)
71 // - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you
72 // need to multiply it
73 // by sizeof t, where t is the type of the elements.
74 //
75 // Empty slices have `len == 0` and `ptr` always needs to be valid pointer that
76 // is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL +
77 // start`).
78 typedef struct {
79 void *ptr;
80 size_t len;
81 } Eurydice_slice;
82
83 // Helper macro to create a slice out of a pointer x, a start index in x
84 // (included), and an end index in x (excluded). The argument x must be suitably
85 // cast to something that can decay (see remark above about how pointer
86 // arithmetic works in C), meaning either pointer or array type.
87 #define EURYDICE_SLICE(x, start, end) \
88 (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start})
89 #define EURYDICE_SLICE_LEN(s, _) s.len
90 // This macro is a pain because in case the dereferenced element type is an
91 // array, you cannot simply write `t x` as it would yield `int[4] x` instead,
92 // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
93 // adds an extra argument to this macro at the last minute so that we have the
94 // correct type of *pointers* to elements.
95 #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
96 #define Eurydice_slice_subslice(s, r, t, _) \
97 EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
98 // Variant for when the start and end indices are statically known (i.e., the
99 // range argument `r` is a literal).
100 #define Eurydice_slice_subslice2(s, start, end, t) \
101 EURYDICE_SLICE((t *)s.ptr, start, end)
102 #define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \
103 EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
104 #define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \
105 EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
106 #define Eurydice_array_to_slice(end, x, t) \
107 EURYDICE_SLICE(x, 0, \
108 end) /* x is already at an array type, no need for cast */
109 #define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \
110 EURYDICE_SLICE((t *)x, r.start, r.end)
111 // Same as above, variant for when start and end are statically known
112 #define Eurydice_array_to_subslice2(x, start, end, t) \
113 EURYDICE_SLICE((t *)x, start, end)
114 #define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \
115 EURYDICE_SLICE((t *)x, 0, r)
116 #define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \
117 EURYDICE_SLICE((t *)x, r, size)
118 #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)
119 #define Eurydice_slice_copy(dst, src, t) \
120 memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
121 #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
122 ((Eurydice_slice){.ptr = ptr_, .len = len_})
123
124 #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \
125 len, src, dst, elem_type, _ret_t) \
126 (memcpy(dst, src, len * sizeof(elem_type)))
127 #define TryFromSliceError uint8_t
128
129 #define Eurydice_array_eq(sz, a1, a2, t, _) \
130 (memcmp(a1, a2, sz * sizeof(t)) == 0)
131 #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
132 sz, a1, a2, t, _, _ret_t) \
133 Eurydice_array_eq(sz, a1, a2, t, _)
134 #define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \
135 sz, a1, a2, t, _, _ret_t) \
136 Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _)
137
138 #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
139 (CLITERAL(ret_t){ \
140 .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \
141 .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})
142 #define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
143 (CLITERAL(ret_t){ \
144 .fst = {.ptr = slice.ptr, .len = mid}, \
145 .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
146 .len = slice.len - mid}})
147
148 // Conversion of slice to an array, rewritten (by Eurydice) to name the
149 // destination array, since arrays are not values in C.
150 // N.B.: see note in karamel/lib/Inlining.ml if you change this.
151 #define Eurydice_slice_to_array2(dst, src, _, t_arr) \
152 Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
153 sizeof(t_arr))
154
Eurydice_slice_to_array3(uint8_t * dst_tag,char * dst_ok,Eurydice_slice src,size_t sz)155 static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
156 Eurydice_slice src, size_t sz) {
157 *dst_tag = 0;
158 memcpy(dst_ok, src.ptr, sz);
159 }
160
161 // CORE STUFF (conversions, endianness, ...)
162
core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8])163 static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) {
164 v = htole64(v);
165 memcpy(buf, &v, sizeof(v));
166 }
core_num__u64_9__from_le_bytes(uint8_t buf[8])167 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {
168 uint64_t v;
169 memcpy(&v, buf, sizeof(v));
170 return le64toh(v);
171 }
172
core_num__u32_8__from_le_bytes(uint8_t buf[4])173 static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {
174 uint32_t v;
175 memcpy(&v, buf, sizeof(v));
176 return le32toh(v);
177 }
178
core_num__u8_6__count_ones(uint8_t x0)179 static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) {
180 #if defined(_MSC_VER)
181 return __popcnt(x0);
182 #elif !defined(MISSING_BUILTIN_POPCOUNT)
183 return __builtin_popcount(x0);
184 #else
185 const uint8_t v[16] = { 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4 };
186 return v[x0 & 0xf] + v[(x0 >> 4) & 0xf];
187
188 #endif
189 }
190
191 // unsigned overflow wraparound semantics in C
core_num__u16_7__wrapping_add(uint16_t x,uint16_t y)192 static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) {
193 return x + y;
194 }
core_num__u8_6__wrapping_sub(uint8_t x,uint8_t y)195 static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {
196 return x - y;
197 }
198
199 // ITERATORS
200
201 #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
202 (((iter_ptr)->start == (iter_ptr)->end) \
203 ? (CLITERAL(ret_t){.tag = None}) \
204 : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))
205
206 #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \
207 Eurydice_range_iter_next
208
209 // See note in karamel/lib/Inlining.ml if you change this
210 #define Eurydice_into_iter(x, t, _ret_t) (x)
211 #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \
212 Eurydice_into_iter
213
214 #if defined(__cplusplus)
215 }
216 #endif
217
218 /* from libcrux/libcrux-ml-kem/cg/libcrux_core.h */
219 /*
220 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
221 *
222 * SPDX-License-Identifier: MIT or Apache-2.0
223 *
224 * This code was generated with the following revisions:
225 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4
226 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb
227 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908
228 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
229 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee
230 */
231
232 #ifndef __libcrux_core_H
233 #define __libcrux_core_H
234
235 #if defined(__cplusplus)
236 extern "C" {
237 #endif
238
239
240 /**
241 A monomorphic instance of core.ops.range.Range
242 with types size_t
243
244 */
245 typedef struct core_ops_range_Range_b3_s {
246 size_t start;
247 size_t end;
248 } core_ops_range_Range_b3;
249
250 #define Ok 0
251 #define Err 1
252
253 typedef uint8_t Result_86_tags;
254
255 #define None 0
256 #define Some 1
257
258 typedef uint8_t Option_ef_tags;
259
260 /**
261 A monomorphic instance of core.option.Option
262 with types size_t
263
264 */
265 typedef struct Option_b3_s {
266 Option_ef_tags tag;
267 size_t f0;
268 } Option_b3;
269
270 static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1);
271
272 #define CORE_NUM__U32_8__BITS (32U)
273
274 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]);
275
276 static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]);
277
278 static inline uint32_t core_num__u8_6__count_ones(uint8_t x0);
279
280 static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1);
281
282 #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U)
283
284 #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U)
285
286 #define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U)
287
288 #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \
289 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U)
290
291 #define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \
292 (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)
293
294 #define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U)
295
296 #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U)
297
298 typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s {
299 uint8_t fst[1152U];
300 uint8_t snd[1184U];
301 } libcrux_ml_kem_utils_extraction_helper_Keypair768;
302
303 /**
304 A monomorphic instance of core.result.Result
305 with types uint8_t[24size_t], core_array_TryFromSliceError
306
307 */
308 typedef struct Result_6f_s {
309 Result_86_tags tag;
310 union {
311 uint8_t case_Ok[24U];
312 TryFromSliceError case_Err;
313 } val;
314 } Result_6f;
315
316 /**
317 This function found in impl {core::result::Result<T, E>}
318 */
319 /**
320 A monomorphic instance of core.result.unwrap_41
321 with types uint8_t[24size_t], core_array_TryFromSliceError
322
323 */
unwrap_41_1c(Result_6f self,uint8_t ret[24U])324 static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) {
325 if (self.tag == Ok) {
326 uint8_t f0[24U];
327 memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t));
328 memcpy(ret, f0, (size_t)24U * sizeof(uint8_t));
329 } else {
330 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
331 "unwrap not Ok");
332 KRML_HOST_EXIT(255U);
333 }
334 }
335
336 /**
337 A monomorphic instance of core.result.Result
338 with types uint8_t[20size_t], core_array_TryFromSliceError
339
340 */
341 typedef struct Result_7a_s {
342 Result_86_tags tag;
343 union {
344 uint8_t case_Ok[20U];
345 TryFromSliceError case_Err;
346 } val;
347 } Result_7a;
348
349 /**
350 This function found in impl {core::result::Result<T, E>}
351 */
352 /**
353 A monomorphic instance of core.result.unwrap_41
354 with types uint8_t[20size_t], core_array_TryFromSliceError
355
356 */
unwrap_41_34(Result_7a self,uint8_t ret[20U])357 static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) {
358 if (self.tag == Ok) {
359 uint8_t f0[20U];
360 memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t));
361 memcpy(ret, f0, (size_t)20U * sizeof(uint8_t));
362 } else {
363 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
364 "unwrap not Ok");
365 KRML_HOST_EXIT(255U);
366 }
367 }
368
369 /**
370 A monomorphic instance of core.result.Result
371 with types uint8_t[10size_t], core_array_TryFromSliceError
372
373 */
374 typedef struct Result_cd_s {
375 Result_86_tags tag;
376 union {
377 uint8_t case_Ok[10U];
378 TryFromSliceError case_Err;
379 } val;
380 } Result_cd;
381
382 /**
383 This function found in impl {core::result::Result<T, E>}
384 */
385 /**
386 A monomorphic instance of core.result.unwrap_41
387 with types uint8_t[10size_t], core_array_TryFromSliceError
388
389 */
unwrap_41_e8(Result_cd self,uint8_t ret[10U])390 static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) {
391 if (self.tag == Ok) {
392 uint8_t f0[10U];
393 memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t));
394 memcpy(ret, f0, (size_t)10U * sizeof(uint8_t));
395 } else {
396 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
397 "unwrap not Ok");
398 KRML_HOST_EXIT(255U);
399 }
400 }
401
402 typedef struct Eurydice_slice_uint8_t_4size_t__x2_s {
403 Eurydice_slice fst[4U];
404 Eurydice_slice snd[4U];
405 } Eurydice_slice_uint8_t_4size_t__x2;
406
407 typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s {
408 uint8_t value[1088U];
409 } libcrux_ml_kem_mlkem768_MlKem768Ciphertext;
410
411 /**
412 A reference to the raw byte slice.
413 */
414 /**
415 This function found in impl {libcrux_ml_kem::types::MlKemCiphertext<SIZE>#6}
416 */
417 /**
418 A monomorphic instance of libcrux_ml_kem.types.as_slice_d4
419 with const generics
420 - SIZE= 1088
421 */
libcrux_ml_kem_types_as_slice_d4_1d(libcrux_ml_kem_mlkem768_MlKem768Ciphertext * self)422 static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_1d(
423 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
424 return self->value;
425 }
426
427 /**
428 A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
429 with const generics
430 - $1184size_t
431 */
432 typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s {
433 uint8_t value[1184U];
434 } libcrux_ml_kem_types_MlKemPublicKey_15;
435
436 /**
437 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
438 libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#14}
439 */
440 /**
441 A monomorphic instance of libcrux_ml_kem.types.from_b6
442 with const generics
443 - SIZE= 1184
444 */
445 static inline libcrux_ml_kem_types_MlKemPublicKey_15
libcrux_ml_kem_types_from_b6_da(uint8_t value[1184U])446 libcrux_ml_kem_types_from_b6_da(uint8_t value[1184U]) {
447 /* Passing arrays by value in Rust generates a copy in C */
448 uint8_t copy_of_value[1184U];
449 memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
450 libcrux_ml_kem_types_MlKemPublicKey_15 lit;
451 memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t));
452 return lit;
453 }
454
455 /**
456 A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
457 with const generics
458 - $2400size_t
459 */
460 typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s {
461 uint8_t value[2400U];
462 } libcrux_ml_kem_types_MlKemPrivateKey_55;
463
464 typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {
465 libcrux_ml_kem_types_MlKemPrivateKey_55 sk;
466 libcrux_ml_kem_types_MlKemPublicKey_15 pk;
467 } libcrux_ml_kem_mlkem768_MlKem768KeyPair;
468
469 /**
470 Create a new [`MlKemKeyPair`] from the secret and public key.
471 */
472 /**
473 This function found in impl
474 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>}
475 */
476 /**
477 A monomorphic instance of libcrux_ml_kem.types.from_17
478 with const generics
479 - PRIVATE_KEY_SIZE= 2400
480 - PUBLIC_KEY_SIZE= 1184
481 */
482 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_types_from_17_35(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,libcrux_ml_kem_types_MlKemPublicKey_15 pk)483 libcrux_ml_kem_types_from_17_35(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
484 libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
485 return (
486 CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk});
487 }
488
489 /**
490 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
491 libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#8}
492 */
493 /**
494 A monomorphic instance of libcrux_ml_kem.types.from_05
495 with const generics
496 - SIZE= 2400
497 */
498 static inline libcrux_ml_kem_types_MlKemPrivateKey_55
libcrux_ml_kem_types_from_05_f2(uint8_t value[2400U])499 libcrux_ml_kem_types_from_05_f2(uint8_t value[2400U]) {
500 /* Passing arrays by value in Rust generates a copy in C */
501 uint8_t copy_of_value[2400U];
502 memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
503 libcrux_ml_kem_types_MlKemPrivateKey_55 lit;
504 memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t));
505 return lit;
506 }
507
508 /**
509 A monomorphic instance of core.result.Result
510 with types uint8_t[32size_t], core_array_TryFromSliceError
511
512 */
513 typedef struct Result_00_s {
514 Result_86_tags tag;
515 union {
516 uint8_t case_Ok[32U];
517 TryFromSliceError case_Err;
518 } val;
519 } Result_00;
520
521 /**
522 This function found in impl {core::result::Result<T, E>}
523 */
524 /**
525 A monomorphic instance of core.result.unwrap_41
526 with types uint8_t[32size_t], core_array_TryFromSliceError
527
528 */
unwrap_41_83(Result_00 self,uint8_t ret[32U])529 static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) {
530 if (self.tag == Ok) {
531 uint8_t f0[32U];
532 memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t));
533 memcpy(ret, f0, (size_t)32U * sizeof(uint8_t));
534 } else {
535 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
536 "unwrap not Ok");
537 KRML_HOST_EXIT(255U);
538 }
539 }
540
541 /**
542 A monomorphic instance of K.
543 with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]],
544 uint8_t[32size_t]
545
546 */
547 typedef struct tuple_3c_s {
548 libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst;
549 uint8_t snd[32U];
550 } tuple_3c;
551
552 /**
553 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
554 libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
555 */
556 /**
557 A monomorphic instance of libcrux_ml_kem.types.from_01
558 with const generics
559 - SIZE= 1088
560 */
561 static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U])562 libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U]) {
563 /* Passing arrays by value in Rust generates a copy in C */
564 uint8_t copy_of_value[1088U];
565 memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
566 libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit;
567 memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t));
568 return lit;
569 }
570
571 /**
572 A reference to the raw byte slice.
573 */
574 /**
575 This function found in impl {libcrux_ml_kem::types::MlKemPublicKey<SIZE>#18}
576 */
577 /**
578 A monomorphic instance of libcrux_ml_kem.types.as_slice_cb
579 with const generics
580 - SIZE= 1184
581 */
libcrux_ml_kem_types_as_slice_cb_50(libcrux_ml_kem_types_MlKemPublicKey_15 * self)582 static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_50(
583 libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
584 return self->value;
585 }
586
587 /**
588 Pad the `slice` with `0`s at the end.
589 */
590 /**
591 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
592 with const generics
593 - LEN= 33
594 */
libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice,uint8_t ret[33U])595 static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2(
596 Eurydice_slice slice, uint8_t ret[33U]) {
597 uint8_t out[33U] = {0U};
598 uint8_t *uu____0 = out;
599 Eurydice_slice_copy(
600 Eurydice_array_to_subslice2(uu____0, (size_t)0U,
601 Eurydice_slice_len(slice, uint8_t), uint8_t),
602 slice, uint8_t);
603 memcpy(ret, out, (size_t)33U * sizeof(uint8_t));
604 }
605
606 /**
607 Pad the `slice` with `0`s at the end.
608 */
609 /**
610 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
611 with const generics
612 - LEN= 34
613 */
libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice,uint8_t ret[34U])614 static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea1(
615 Eurydice_slice slice, uint8_t ret[34U]) {
616 uint8_t out[34U] = {0U};
617 uint8_t *uu____0 = out;
618 Eurydice_slice_copy(
619 Eurydice_array_to_subslice2(uu____0, (size_t)0U,
620 Eurydice_slice_len(slice, uint8_t), uint8_t),
621 slice, uint8_t);
622 memcpy(ret, out, (size_t)34U * sizeof(uint8_t));
623 }
624
625 /**
626 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
627 libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
628 */
629 /**
630 A monomorphic instance of libcrux_ml_kem.types.as_ref_00
631 with const generics
632 - SIZE= 1088
633 */
libcrux_ml_kem_types_as_ref_00_24(libcrux_ml_kem_mlkem768_MlKem768Ciphertext * self)634 static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_24(
635 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
636 return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
637 }
638
639 /**
640 Pad the `slice` with `0`s at the end.
641 */
642 /**
643 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
644 with const generics
645 - LEN= 1120
646 */
libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice,uint8_t ret[1120U])647 static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea0(
648 Eurydice_slice slice, uint8_t ret[1120U]) {
649 uint8_t out[1120U] = {0U};
650 uint8_t *uu____0 = out;
651 Eurydice_slice_copy(
652 Eurydice_array_to_subslice2(uu____0, (size_t)0U,
653 Eurydice_slice_len(slice, uint8_t), uint8_t),
654 slice, uint8_t);
655 memcpy(ret, out, (size_t)1120U * sizeof(uint8_t));
656 }
657
658 /**
659 Pad the `slice` with `0`s at the end.
660 */
661 /**
662 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
663 with const generics
664 - LEN= 64
665 */
libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice,uint8_t ret[64U])666 static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea(
667 Eurydice_slice slice, uint8_t ret[64U]) {
668 uint8_t out[64U] = {0U};
669 uint8_t *uu____0 = out;
670 Eurydice_slice_copy(
671 Eurydice_array_to_subslice2(uu____0, (size_t)0U,
672 Eurydice_slice_len(slice, uint8_t), uint8_t),
673 slice, uint8_t);
674 memcpy(ret, out, (size_t)64U * sizeof(uint8_t));
675 }
676
677 /**
678 A monomorphic instance of core.result.Result
679 with types int16_t[16size_t], core_array_TryFromSliceError
680
681 */
682 typedef struct Result_c0_s {
683 Result_86_tags tag;
684 union {
685 int16_t case_Ok[16U];
686 TryFromSliceError case_Err;
687 } val;
688 } Result_c0;
689
690 /**
691 This function found in impl {core::result::Result<T, E>}
692 */
693 /**
694 A monomorphic instance of core.result.unwrap_41
695 with types int16_t[16size_t], core_array_TryFromSliceError
696
697 */
unwrap_41_f9(Result_c0 self,int16_t ret[16U])698 static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) {
699 if (self.tag == Ok) {
700 int16_t f0[16U];
701 memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t));
702 memcpy(ret, f0, (size_t)16U * sizeof(int16_t));
703 } else {
704 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
705 "unwrap not Ok");
706 KRML_HOST_EXIT(255U);
707 }
708 }
709
710 /**
711 A monomorphic instance of core.result.Result
712 with types uint8_t[8size_t], core_array_TryFromSliceError
713
714 */
715 typedef struct Result_56_s {
716 Result_86_tags tag;
717 union {
718 uint8_t case_Ok[8U];
719 TryFromSliceError case_Err;
720 } val;
721 } Result_56;
722
723 /**
724 This function found in impl {core::result::Result<T, E>}
725 */
726 /**
727 A monomorphic instance of core.result.unwrap_41
728 with types uint8_t[8size_t], core_array_TryFromSliceError
729
730 */
unwrap_41_ac(Result_56 self,uint8_t ret[8U])731 static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) {
732 if (self.tag == Ok) {
733 uint8_t f0[8U];
734 memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t));
735 memcpy(ret, f0, (size_t)8U * sizeof(uint8_t));
736 } else {
737 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
738 "unwrap not Ok");
739 KRML_HOST_EXIT(255U);
740 }
741 }
742
743 typedef struct Eurydice_slice_uint8_t_x2_s {
744 Eurydice_slice fst;
745 Eurydice_slice snd;
746 } Eurydice_slice_uint8_t_x2;
747
748 typedef struct Eurydice_slice_uint8_t_1size_t__x2_s {
749 Eurydice_slice fst[1U];
750 Eurydice_slice snd[1U];
751 } Eurydice_slice_uint8_t_1size_t__x2;
752
753 #if defined(__cplusplus)
754 }
755 #endif
756
757 #define __libcrux_core_H_DEFINED
758 #endif
759
760 /* from libcrux/libcrux-ml-kem/cg/libcrux_ct_ops.h */
761 /*
762 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
763 *
764 * SPDX-License-Identifier: MIT or Apache-2.0
765 *
766 * This code was generated with the following revisions:
767 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4
768 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb
769 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908
770 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
771 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee
772 */
773
774 #ifndef __libcrux_ct_ops_H
775 #define __libcrux_ct_ops_H
776
777 #if defined(__cplusplus)
778 extern "C" {
779 #endif
780
781
782 /**
783 Return 1 if `value` is not zero and 0 otherwise.
784 */
libcrux_ml_kem_constant_time_ops_inz(uint8_t value)785 static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) {
786 uint16_t value0 = (uint16_t)value;
787 uint16_t result = (((uint32_t)value0 |
788 (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) &
789 0xFFFFU) >>
790 8U &
791 1U;
792 return (uint8_t)result;
793 }
794
795 static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value)796 libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) {
797 return libcrux_ml_kem_constant_time_ops_inz(value);
798 }
799
800 /**
801 Return 1 if the bytes of `lhs` and `rhs` do not exactly
802 match and 0 otherwise.
803 */
libcrux_ml_kem_constant_time_ops_compare(Eurydice_slice lhs,Eurydice_slice rhs)804 static inline uint8_t libcrux_ml_kem_constant_time_ops_compare(
805 Eurydice_slice lhs, Eurydice_slice rhs) {
806 uint8_t r = 0U;
807 for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) {
808 size_t i0 = i;
809 r = (uint32_t)r |
810 ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^
811 (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *));
812 }
813 return libcrux_ml_kem_constant_time_ops_is_non_zero(r);
814 }
815
816 static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(Eurydice_slice lhs,Eurydice_slice rhs)817 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
818 Eurydice_slice lhs, Eurydice_slice rhs) {
819 return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs);
820 }
821
822 /**
823 If `selector` is not zero, return the bytes in `rhs`; return the bytes in
824 `lhs` otherwise.
825 */
libcrux_ml_kem_constant_time_ops_select_ct(Eurydice_slice lhs,Eurydice_slice rhs,uint8_t selector,uint8_t ret[32U])826 static inline void libcrux_ml_kem_constant_time_ops_select_ct(
827 Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
828 uint8_t ret[32U]) {
829 uint8_t mask = core_num__u8_6__wrapping_sub(
830 libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U);
831 uint8_t out[32U] = {0U};
832 for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE;
833 i++) {
834 size_t i0 = i;
835 out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) &
836 (uint32_t)mask) |
837 ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) &
838 (uint32_t)~mask);
839 }
840 memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
841 }
842
843 static KRML_NOINLINE void
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(Eurydice_slice lhs,Eurydice_slice rhs,uint8_t selector,uint8_t ret[32U])844 libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
845 Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
846 uint8_t ret[32U]) {
847 libcrux_ml_kem_constant_time_ops_select_ct(lhs, rhs, selector, ret);
848 }
849
850 static inline void
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(Eurydice_slice lhs_c,Eurydice_slice rhs_c,Eurydice_slice lhs_s,Eurydice_slice rhs_s,uint8_t ret[32U])851 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
852 Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s,
853 Eurydice_slice rhs_s, uint8_t ret[32U]) {
854 uint8_t selector =
855 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
856 lhs_c, rhs_c);
857 uint8_t ret0[32U];
858 libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
859 lhs_s, rhs_s, selector, ret0);
860 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
861 }
862
863 #if defined(__cplusplus)
864 }
865 #endif
866
867 #define __libcrux_ct_ops_H_DEFINED
868 #endif
869
870 /* from libcrux/libcrux-ml-kem/cg/libcrux_sha3_portable.h */
871 /*
872 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
873 *
874 * SPDX-License-Identifier: MIT or Apache-2.0
875 *
876 * This code was generated with the following revisions:
877 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4
878 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb
879 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908
880 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
881 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee
882 */
883
884 #ifndef __libcrux_sha3_portable_H
885 #define __libcrux_sha3_portable_H
886
887 #if defined(__cplusplus)
888 extern "C" {
889 #endif
890
891
892 static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = {
893 1ULL,
894 32898ULL,
895 9223372036854808714ULL,
896 9223372039002292224ULL,
897 32907ULL,
898 2147483649ULL,
899 9223372039002292353ULL,
900 9223372036854808585ULL,
901 138ULL,
902 136ULL,
903 2147516425ULL,
904 2147483658ULL,
905 2147516555ULL,
906 9223372036854775947ULL,
907 9223372036854808713ULL,
908 9223372036854808579ULL,
909 9223372036854808578ULL,
910 9223372036854775936ULL,
911 32778ULL,
912 9223372039002259466ULL,
913 9223372039002292353ULL,
914 9223372036854808704ULL,
915 2147483649ULL,
916 9223372039002292232ULL};
917
918 /**
919 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
920 usize> for u64)}
921 */
libcrux_sha3_portable_keccak_zero_5a(void)922 static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_zero_5a(void) {
923 return 0ULL;
924 }
925
libcrux_sha3_portable_keccak__veor5q_u64(uint64_t a,uint64_t b,uint64_t c,uint64_t d,uint64_t e)926 static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__veor5q_u64(
927 uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
928 uint64_t ab = a ^ b;
929 uint64_t cd = c ^ d;
930 uint64_t abcd = ab ^ cd;
931 return abcd ^ e;
932 }
933
934 /**
935 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
936 usize> for u64)}
937 */
libcrux_sha3_portable_keccak_xor5_5a(uint64_t a,uint64_t b,uint64_t c,uint64_t d,uint64_t e)938 static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_xor5_5a(
939 uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
940 return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e);
941 }
942
943 /**
944 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
945 with const generics
946 - LEFT= 1
947 - RIGHT= 63
948 */
949 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x)950 libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) {
951 return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63;
952 }
953
954 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a,uint64_t b)955 libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) {
956 uint64_t uu____0 = a;
957 return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b);
958 }
959
960 /**
961 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
962 usize> for u64)}
963 */
964 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(uint64_t a,uint64_t b)965 libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(uint64_t a, uint64_t b) {
966 return libcrux_sha3_portable_keccak__vrax1q_u64(a, b);
967 }
968
969 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a,uint64_t b,uint64_t c)970 libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) {
971 return a ^ (b & ~c);
972 }
973
974 /**
975 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
976 usize> for u64)}
977 */
libcrux_sha3_portable_keccak_and_not_xor_5a(uint64_t a,uint64_t b,uint64_t c)978 static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_and_not_xor_5a(
979 uint64_t a, uint64_t b, uint64_t c) {
980 return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c);
981 }
982
983 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a,uint64_t c)984 libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) {
985 return a ^ c;
986 }
987
988 /**
989 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
990 usize> for u64)}
991 */
992 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_constant_5a(uint64_t a,uint64_t c)993 libcrux_sha3_portable_keccak_xor_constant_5a(uint64_t a, uint64_t c) {
994 return libcrux_sha3_portable_keccak__veorq_n_u64(a, c);
995 }
996
997 /**
998 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
999 usize> for u64)}
1000 */
1001 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_5a(uint64_t a,uint64_t b)1002 libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) {
1003 return a ^ b;
1004 }
1005
libcrux_sha3_portable_keccak_slice_1(Eurydice_slice a[1U],size_t start,size_t len,Eurydice_slice ret[1U])1006 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1(
1007 Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) {
1008 ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t);
1009 }
1010
1011 /**
1012 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1013 usize> for u64)}
1014 */
libcrux_sha3_portable_keccak_slice_n_5a(Eurydice_slice a[1U],size_t start,size_t len,Eurydice_slice ret[1U])1015 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a(
1016 Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) {
1017 /* Passing arrays by value in Rust generates a copy in C */
1018 Eurydice_slice copy_of_a[1U];
1019 memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice));
1020 Eurydice_slice ret0[1U];
1021 libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0);
1022 memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice));
1023 }
1024
1025 static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2
libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U],size_t mid)1026 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U],
1027 size_t mid) {
1028 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut(
1029 out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2);
1030 Eurydice_slice out00 = uu____0.fst;
1031 Eurydice_slice out01 = uu____0.snd;
1032 Eurydice_slice_uint8_t_1size_t__x2 lit;
1033 lit.fst[0U] = out00;
1034 lit.snd[0U] = out01;
1035 return lit;
1036 }
1037
1038 /**
1039 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1040 usize> for u64)}
1041 */
1042 static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2
libcrux_sha3_portable_keccak_split_at_mut_n_5a(Eurydice_slice a[1U],size_t mid)1043 libcrux_sha3_portable_keccak_split_at_mut_n_5a(Eurydice_slice a[1U],
1044 size_t mid) {
1045 return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid);
1046 }
1047
1048 /**
1049 A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState
1050 with types uint64_t
1051 with const generics
1052 - $1size_t
1053 */
1054 typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s {
1055 uint64_t st[5U][5U];
1056 } libcrux_sha3_generic_keccak_KeccakState_48;
1057
1058 /**
1059 Create a new Shake128 x4 state.
1060 */
1061 /**
1062 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
1063 N>[TraitClause@0]#1}
1064 */
1065 /**
1066 A monomorphic instance of libcrux_sha3.generic_keccak.new_1e
1067 with types uint64_t
1068 with const generics
1069 - N= 1
1070 */
1071 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
libcrux_sha3_generic_keccak_new_1e_f4(void)1072 libcrux_sha3_generic_keccak_new_1e_f4(void) {
1073 libcrux_sha3_generic_keccak_KeccakState_48 lit;
1074 lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1075 lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1076 lit.st[0U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1077 lit.st[0U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1078 lit.st[0U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1079 lit.st[1U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1080 lit.st[1U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1081 lit.st[1U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1082 lit.st[1U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1083 lit.st[1U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1084 lit.st[2U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1085 lit.st[2U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1086 lit.st[2U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1087 lit.st[2U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1088 lit.st[2U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1089 lit.st[3U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1090 lit.st[3U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1091 lit.st[3U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1092 lit.st[3U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1093 lit.st[3U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1094 lit.st[4U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1095 lit.st[4U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1096 lit.st[4U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1097 lit.st[4U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1098 lit.st[4U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1099 return lit;
1100 }
1101
1102 /**
1103 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
1104 with const generics
1105 - RATE= 72
1106 */
libcrux_sha3_portable_keccak_load_block_2c(uint64_t (* s)[5U],Eurydice_slice blocks[1U])1107 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c(
1108 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
1109 for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
1110 size_t i0 = i;
1111 uint8_t uu____0[8U];
1112 Result_56 dst;
1113 Eurydice_slice_to_array2(
1114 &dst,
1115 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
1116 (size_t)8U * i0 + (size_t)8U, uint8_t),
1117 Eurydice_slice, uint8_t[8U]);
1118 unwrap_41_ac(dst, uu____0);
1119 size_t uu____1 = i0 / (size_t)5U;
1120 size_t uu____2 = i0 % (size_t)5U;
1121 s[uu____1][uu____2] =
1122 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
1123 }
1124 }
1125
1126 /**
1127 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1128 usize> for u64)}
1129 */
1130 /**
1131 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
1132 with const generics
1133 - RATE= 72
1134 */
libcrux_sha3_portable_keccak_load_block_5a_b8(uint64_t (* a)[5U],Eurydice_slice b[1U])1135 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8(
1136 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
1137 uint64_t(*uu____0)[5U] = a;
1138 /* Passing arrays by value in Rust generates a copy in C */
1139 Eurydice_slice copy_of_b[1U];
1140 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
1141 libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b);
1142 }
1143
1144 /**
1145 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1146 with const generics
1147 - LEFT= 36
1148 - RIGHT= 28
1149 */
1150 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x)1151 libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) {
1152 return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28;
1153 }
1154
1155 /**
1156 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1157 with const generics
1158 - LEFT= 36
1159 - RIGHT= 28
1160 */
1161 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a,uint64_t b)1162 libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) {
1163 uint64_t ab = a ^ b;
1164 return libcrux_sha3_portable_keccak_rotate_left_cb0(ab);
1165 }
1166
1167 /**
1168 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1169 usize> for u64)}
1170 */
1171 /**
1172 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1173 with const generics
1174 - LEFT= 36
1175 - RIGHT= 28
1176 */
1177 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a,uint64_t b)1178 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) {
1179 return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b);
1180 }
1181
1182 /**
1183 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1184 with const generics
1185 - LEFT= 3
1186 - RIGHT= 61
1187 */
1188 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x)1189 libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) {
1190 return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61;
1191 }
1192
1193 /**
1194 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1195 with const generics
1196 - LEFT= 3
1197 - RIGHT= 61
1198 */
1199 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a,uint64_t b)1200 libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) {
1201 uint64_t ab = a ^ b;
1202 return libcrux_sha3_portable_keccak_rotate_left_cb1(ab);
1203 }
1204
1205 /**
1206 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1207 usize> for u64)}
1208 */
1209 /**
1210 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1211 with const generics
1212 - LEFT= 3
1213 - RIGHT= 61
1214 */
1215 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a,uint64_t b)1216 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) {
1217 return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b);
1218 }
1219
1220 /**
1221 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1222 with const generics
1223 - LEFT= 41
1224 - RIGHT= 23
1225 */
1226 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x)1227 libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) {
1228 return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23;
1229 }
1230
1231 /**
1232 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1233 with const generics
1234 - LEFT= 41
1235 - RIGHT= 23
1236 */
1237 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a,uint64_t b)1238 libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) {
1239 uint64_t ab = a ^ b;
1240 return libcrux_sha3_portable_keccak_rotate_left_cb2(ab);
1241 }
1242
1243 /**
1244 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1245 usize> for u64)}
1246 */
1247 /**
1248 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1249 with const generics
1250 - LEFT= 41
1251 - RIGHT= 23
1252 */
1253 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a,uint64_t b)1254 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) {
1255 return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b);
1256 }
1257
1258 /**
1259 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1260 with const generics
1261 - LEFT= 18
1262 - RIGHT= 46
1263 */
1264 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x)1265 libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) {
1266 return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46;
1267 }
1268
1269 /**
1270 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1271 with const generics
1272 - LEFT= 18
1273 - RIGHT= 46
1274 */
1275 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a,uint64_t b)1276 libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) {
1277 uint64_t ab = a ^ b;
1278 return libcrux_sha3_portable_keccak_rotate_left_cb3(ab);
1279 }
1280
1281 /**
1282 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1283 usize> for u64)}
1284 */
1285 /**
1286 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1287 with const generics
1288 - LEFT= 18
1289 - RIGHT= 46
1290 */
1291 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a,uint64_t b)1292 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) {
1293 return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b);
1294 }
1295
1296 /**
1297 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1298 with const generics
1299 - LEFT= 1
1300 - RIGHT= 63
1301 */
1302 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a,uint64_t b)1303 libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) {
1304 uint64_t ab = a ^ b;
1305 return libcrux_sha3_portable_keccak_rotate_left_cb(ab);
1306 }
1307
1308 /**
1309 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1310 usize> for u64)}
1311 */
1312 /**
1313 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1314 with const generics
1315 - LEFT= 1
1316 - RIGHT= 63
1317 */
1318 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a,uint64_t b)1319 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) {
1320 return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b);
1321 }
1322
1323 /**
1324 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1325 with const generics
1326 - LEFT= 44
1327 - RIGHT= 20
1328 */
1329 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x)1330 libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) {
1331 return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20;
1332 }
1333
1334 /**
1335 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1336 with const generics
1337 - LEFT= 44
1338 - RIGHT= 20
1339 */
1340 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a,uint64_t b)1341 libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) {
1342 uint64_t ab = a ^ b;
1343 return libcrux_sha3_portable_keccak_rotate_left_cb4(ab);
1344 }
1345
1346 /**
1347 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1348 usize> for u64)}
1349 */
1350 /**
1351 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1352 with const generics
1353 - LEFT= 44
1354 - RIGHT= 20
1355 */
1356 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a,uint64_t b)1357 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) {
1358 return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b);
1359 }
1360
1361 /**
1362 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1363 with const generics
1364 - LEFT= 10
1365 - RIGHT= 54
1366 */
1367 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x)1368 libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) {
1369 return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54;
1370 }
1371
1372 /**
1373 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1374 with const generics
1375 - LEFT= 10
1376 - RIGHT= 54
1377 */
1378 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a,uint64_t b)1379 libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) {
1380 uint64_t ab = a ^ b;
1381 return libcrux_sha3_portable_keccak_rotate_left_cb5(ab);
1382 }
1383
1384 /**
1385 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1386 usize> for u64)}
1387 */
1388 /**
1389 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1390 with const generics
1391 - LEFT= 10
1392 - RIGHT= 54
1393 */
1394 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a,uint64_t b)1395 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) {
1396 return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b);
1397 }
1398
1399 /**
1400 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1401 with const generics
1402 - LEFT= 45
1403 - RIGHT= 19
1404 */
1405 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x)1406 libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) {
1407 return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19;
1408 }
1409
1410 /**
1411 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1412 with const generics
1413 - LEFT= 45
1414 - RIGHT= 19
1415 */
1416 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a,uint64_t b)1417 libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) {
1418 uint64_t ab = a ^ b;
1419 return libcrux_sha3_portable_keccak_rotate_left_cb6(ab);
1420 }
1421
1422 /**
1423 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1424 usize> for u64)}
1425 */
1426 /**
1427 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1428 with const generics
1429 - LEFT= 45
1430 - RIGHT= 19
1431 */
1432 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a,uint64_t b)1433 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) {
1434 return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b);
1435 }
1436
1437 /**
1438 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1439 with const generics
1440 - LEFT= 2
1441 - RIGHT= 62
1442 */
1443 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x)1444 libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) {
1445 return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62;
1446 }
1447
1448 /**
1449 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1450 with const generics
1451 - LEFT= 2
1452 - RIGHT= 62
1453 */
1454 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a,uint64_t b)1455 libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) {
1456 uint64_t ab = a ^ b;
1457 return libcrux_sha3_portable_keccak_rotate_left_cb7(ab);
1458 }
1459
1460 /**
1461 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1462 usize> for u64)}
1463 */
1464 /**
1465 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1466 with const generics
1467 - LEFT= 2
1468 - RIGHT= 62
1469 */
1470 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a,uint64_t b)1471 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) {
1472 return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b);
1473 }
1474
1475 /**
1476 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1477 with const generics
1478 - LEFT= 62
1479 - RIGHT= 2
1480 */
1481 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x)1482 libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) {
1483 return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2;
1484 }
1485
1486 /**
1487 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1488 with const generics
1489 - LEFT= 62
1490 - RIGHT= 2
1491 */
1492 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a,uint64_t b)1493 libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) {
1494 uint64_t ab = a ^ b;
1495 return libcrux_sha3_portable_keccak_rotate_left_cb8(ab);
1496 }
1497
1498 /**
1499 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1500 usize> for u64)}
1501 */
1502 /**
1503 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1504 with const generics
1505 - LEFT= 62
1506 - RIGHT= 2
1507 */
1508 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a,uint64_t b)1509 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) {
1510 return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b);
1511 }
1512
1513 /**
1514 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1515 with const generics
1516 - LEFT= 6
1517 - RIGHT= 58
1518 */
1519 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x)1520 libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) {
1521 return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58;
1522 }
1523
1524 /**
1525 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1526 with const generics
1527 - LEFT= 6
1528 - RIGHT= 58
1529 */
1530 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a,uint64_t b)1531 libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) {
1532 uint64_t ab = a ^ b;
1533 return libcrux_sha3_portable_keccak_rotate_left_cb9(ab);
1534 }
1535
1536 /**
1537 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1538 usize> for u64)}
1539 */
1540 /**
1541 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1542 with const generics
1543 - LEFT= 6
1544 - RIGHT= 58
1545 */
1546 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a,uint64_t b)1547 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) {
1548 return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b);
1549 }
1550
1551 /**
1552 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1553 with const generics
1554 - LEFT= 43
1555 - RIGHT= 21
1556 */
1557 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x)1558 libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) {
1559 return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21;
1560 }
1561
1562 /**
1563 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1564 with const generics
1565 - LEFT= 43
1566 - RIGHT= 21
1567 */
1568 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a,uint64_t b)1569 libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) {
1570 uint64_t ab = a ^ b;
1571 return libcrux_sha3_portable_keccak_rotate_left_cb10(ab);
1572 }
1573
1574 /**
1575 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1576 usize> for u64)}
1577 */
1578 /**
1579 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1580 with const generics
1581 - LEFT= 43
1582 - RIGHT= 21
1583 */
1584 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a,uint64_t b)1585 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) {
1586 return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b);
1587 }
1588
1589 /**
1590 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1591 with const generics
1592 - LEFT= 15
1593 - RIGHT= 49
1594 */
1595 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x)1596 libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) {
1597 return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49;
1598 }
1599
1600 /**
1601 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1602 with const generics
1603 - LEFT= 15
1604 - RIGHT= 49
1605 */
1606 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a,uint64_t b)1607 libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) {
1608 uint64_t ab = a ^ b;
1609 return libcrux_sha3_portable_keccak_rotate_left_cb11(ab);
1610 }
1611
1612 /**
1613 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1614 usize> for u64)}
1615 */
1616 /**
1617 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1618 with const generics
1619 - LEFT= 15
1620 - RIGHT= 49
1621 */
1622 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a,uint64_t b)1623 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) {
1624 return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b);
1625 }
1626
1627 /**
1628 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1629 with const generics
1630 - LEFT= 61
1631 - RIGHT= 3
1632 */
1633 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x)1634 libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) {
1635 return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3;
1636 }
1637
1638 /**
1639 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1640 with const generics
1641 - LEFT= 61
1642 - RIGHT= 3
1643 */
1644 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a,uint64_t b)1645 libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) {
1646 uint64_t ab = a ^ b;
1647 return libcrux_sha3_portable_keccak_rotate_left_cb12(ab);
1648 }
1649
1650 /**
1651 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1652 usize> for u64)}
1653 */
1654 /**
1655 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1656 with const generics
1657 - LEFT= 61
1658 - RIGHT= 3
1659 */
1660 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a,uint64_t b)1661 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) {
1662 return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b);
1663 }
1664
1665 /**
1666 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1667 with const generics
1668 - LEFT= 28
1669 - RIGHT= 36
1670 */
1671 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x)1672 libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) {
1673 return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36;
1674 }
1675
1676 /**
1677 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1678 with const generics
1679 - LEFT= 28
1680 - RIGHT= 36
1681 */
1682 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a,uint64_t b)1683 libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) {
1684 uint64_t ab = a ^ b;
1685 return libcrux_sha3_portable_keccak_rotate_left_cb13(ab);
1686 }
1687
1688 /**
1689 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1690 usize> for u64)}
1691 */
1692 /**
1693 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1694 with const generics
1695 - LEFT= 28
1696 - RIGHT= 36
1697 */
1698 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a,uint64_t b)1699 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) {
1700 return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b);
1701 }
1702
1703 /**
1704 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1705 with const generics
1706 - LEFT= 55
1707 - RIGHT= 9
1708 */
1709 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x)1710 libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) {
1711 return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9;
1712 }
1713
1714 /**
1715 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1716 with const generics
1717 - LEFT= 55
1718 - RIGHT= 9
1719 */
1720 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a,uint64_t b)1721 libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) {
1722 uint64_t ab = a ^ b;
1723 return libcrux_sha3_portable_keccak_rotate_left_cb14(ab);
1724 }
1725
1726 /**
1727 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1728 usize> for u64)}
1729 */
1730 /**
1731 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1732 with const generics
1733 - LEFT= 55
1734 - RIGHT= 9
1735 */
1736 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a,uint64_t b)1737 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) {
1738 return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b);
1739 }
1740
1741 /**
1742 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1743 with const generics
1744 - LEFT= 25
1745 - RIGHT= 39
1746 */
1747 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x)1748 libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) {
1749 return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39;
1750 }
1751
1752 /**
1753 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1754 with const generics
1755 - LEFT= 25
1756 - RIGHT= 39
1757 */
1758 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a,uint64_t b)1759 libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) {
1760 uint64_t ab = a ^ b;
1761 return libcrux_sha3_portable_keccak_rotate_left_cb15(ab);
1762 }
1763
1764 /**
1765 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1766 usize> for u64)}
1767 */
1768 /**
1769 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1770 with const generics
1771 - LEFT= 25
1772 - RIGHT= 39
1773 */
1774 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a,uint64_t b)1775 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) {
1776 return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b);
1777 }
1778
1779 /**
1780 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1781 with const generics
1782 - LEFT= 21
1783 - RIGHT= 43
1784 */
1785 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x)1786 libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) {
1787 return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43;
1788 }
1789
1790 /**
1791 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1792 with const generics
1793 - LEFT= 21
1794 - RIGHT= 43
1795 */
1796 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a,uint64_t b)1797 libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) {
1798 uint64_t ab = a ^ b;
1799 return libcrux_sha3_portable_keccak_rotate_left_cb16(ab);
1800 }
1801
1802 /**
1803 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1804 usize> for u64)}
1805 */
1806 /**
1807 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1808 with const generics
1809 - LEFT= 21
1810 - RIGHT= 43
1811 */
1812 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a,uint64_t b)1813 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) {
1814 return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b);
1815 }
1816
1817 /**
1818 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1819 with const generics
1820 - LEFT= 56
1821 - RIGHT= 8
1822 */
1823 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x)1824 libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) {
1825 return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8;
1826 }
1827
1828 /**
1829 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1830 with const generics
1831 - LEFT= 56
1832 - RIGHT= 8
1833 */
1834 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a,uint64_t b)1835 libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) {
1836 uint64_t ab = a ^ b;
1837 return libcrux_sha3_portable_keccak_rotate_left_cb17(ab);
1838 }
1839
1840 /**
1841 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1842 usize> for u64)}
1843 */
1844 /**
1845 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1846 with const generics
1847 - LEFT= 56
1848 - RIGHT= 8
1849 */
1850 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a,uint64_t b)1851 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) {
1852 return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b);
1853 }
1854
1855 /**
1856 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1857 with const generics
1858 - LEFT= 27
1859 - RIGHT= 37
1860 */
1861 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x)1862 libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) {
1863 return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37;
1864 }
1865
1866 /**
1867 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1868 with const generics
1869 - LEFT= 27
1870 - RIGHT= 37
1871 */
1872 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a,uint64_t b)1873 libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) {
1874 uint64_t ab = a ^ b;
1875 return libcrux_sha3_portable_keccak_rotate_left_cb18(ab);
1876 }
1877
1878 /**
1879 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1880 usize> for u64)}
1881 */
1882 /**
1883 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1884 with const generics
1885 - LEFT= 27
1886 - RIGHT= 37
1887 */
1888 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a,uint64_t b)1889 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) {
1890 return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b);
1891 }
1892
1893 /**
1894 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1895 with const generics
1896 - LEFT= 20
1897 - RIGHT= 44
1898 */
1899 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x)1900 libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) {
1901 return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44;
1902 }
1903
1904 /**
1905 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1906 with const generics
1907 - LEFT= 20
1908 - RIGHT= 44
1909 */
1910 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a,uint64_t b)1911 libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) {
1912 uint64_t ab = a ^ b;
1913 return libcrux_sha3_portable_keccak_rotate_left_cb19(ab);
1914 }
1915
1916 /**
1917 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1918 usize> for u64)}
1919 */
1920 /**
1921 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1922 with const generics
1923 - LEFT= 20
1924 - RIGHT= 44
1925 */
1926 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a,uint64_t b)1927 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) {
1928 return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b);
1929 }
1930
1931 /**
1932 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1933 with const generics
1934 - LEFT= 39
1935 - RIGHT= 25
1936 */
1937 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x)1938 libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) {
1939 return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25;
1940 }
1941
1942 /**
1943 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1944 with const generics
1945 - LEFT= 39
1946 - RIGHT= 25
1947 */
1948 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a,uint64_t b)1949 libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) {
1950 uint64_t ab = a ^ b;
1951 return libcrux_sha3_portable_keccak_rotate_left_cb20(ab);
1952 }
1953
1954 /**
1955 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1956 usize> for u64)}
1957 */
1958 /**
1959 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1960 with const generics
1961 - LEFT= 39
1962 - RIGHT= 25
1963 */
1964 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a,uint64_t b)1965 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) {
1966 return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b);
1967 }
1968
1969 /**
1970 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1971 with const generics
1972 - LEFT= 8
1973 - RIGHT= 56
1974 */
1975 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x)1976 libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) {
1977 return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56;
1978 }
1979
1980 /**
1981 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1982 with const generics
1983 - LEFT= 8
1984 - RIGHT= 56
1985 */
1986 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a,uint64_t b)1987 libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) {
1988 uint64_t ab = a ^ b;
1989 return libcrux_sha3_portable_keccak_rotate_left_cb21(ab);
1990 }
1991
1992 /**
1993 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1994 usize> for u64)}
1995 */
1996 /**
1997 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1998 with const generics
1999 - LEFT= 8
2000 - RIGHT= 56
2001 */
2002 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a,uint64_t b)2003 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) {
2004 return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b);
2005 }
2006
2007 /**
2008 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
2009 with const generics
2010 - LEFT= 14
2011 - RIGHT= 50
2012 */
2013 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x)2014 libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) {
2015 return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50;
2016 }
2017
2018 /**
2019 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
2020 with const generics
2021 - LEFT= 14
2022 - RIGHT= 50
2023 */
2024 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a,uint64_t b)2025 libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) {
2026 uint64_t ab = a ^ b;
2027 return libcrux_sha3_portable_keccak_rotate_left_cb22(ab);
2028 }
2029
2030 /**
2031 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2032 usize> for u64)}
2033 */
2034 /**
2035 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
2036 with const generics
2037 - LEFT= 14
2038 - RIGHT= 50
2039 */
2040 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a,uint64_t b)2041 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) {
2042 return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b);
2043 }
2044
2045 /**
2046 A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho
2047 with types uint64_t
2048 with const generics
2049 - N= 1
2050 */
libcrux_sha3_generic_keccak_theta_rho_16(libcrux_sha3_generic_keccak_KeccakState_48 * s)2051 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16(
2052 libcrux_sha3_generic_keccak_KeccakState_48 *s) {
2053 uint64_t c[5U] = {
2054 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U],
2055 s->st[2U][0U], s->st[3U][0U],
2056 s->st[4U][0U]),
2057 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][1U], s->st[1U][1U],
2058 s->st[2U][1U], s->st[3U][1U],
2059 s->st[4U][1U]),
2060 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][2U], s->st[1U][2U],
2061 s->st[2U][2U], s->st[3U][2U],
2062 s->st[4U][2U]),
2063 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][3U], s->st[1U][3U],
2064 s->st[2U][3U], s->st[3U][3U],
2065 s->st[4U][3U]),
2066 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][4U], s->st[1U][4U],
2067 s->st[2U][4U], s->st[3U][4U],
2068 s->st[4U][4U])};
2069 uint64_t uu____0 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2070 c[((size_t)0U + (size_t)4U) % (size_t)5U],
2071 c[((size_t)0U + (size_t)1U) % (size_t)5U]);
2072 uint64_t uu____1 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2073 c[((size_t)1U + (size_t)4U) % (size_t)5U],
2074 c[((size_t)1U + (size_t)1U) % (size_t)5U]);
2075 uint64_t uu____2 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2076 c[((size_t)2U + (size_t)4U) % (size_t)5U],
2077 c[((size_t)2U + (size_t)1U) % (size_t)5U]);
2078 uint64_t uu____3 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2079 c[((size_t)3U + (size_t)4U) % (size_t)5U],
2080 c[((size_t)3U + (size_t)1U) % (size_t)5U]);
2081 uint64_t t[5U] = {uu____0, uu____1, uu____2, uu____3,
2082 libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2083 c[((size_t)4U + (size_t)4U) % (size_t)5U],
2084 c[((size_t)4U + (size_t)1U) % (size_t)5U])};
2085 s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]);
2086 s->st[1U][0U] =
2087 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]);
2088 s->st[2U][0U] =
2089 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]);
2090 s->st[3U][0U] =
2091 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]);
2092 s->st[4U][0U] =
2093 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]);
2094 s->st[0U][1U] =
2095 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]);
2096 s->st[1U][1U] =
2097 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]);
2098 s->st[2U][1U] =
2099 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]);
2100 s->st[3U][1U] =
2101 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]);
2102 s->st[4U][1U] =
2103 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]);
2104 s->st[0U][2U] =
2105 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]);
2106 s->st[1U][2U] =
2107 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]);
2108 s->st[2U][2U] =
2109 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]);
2110 s->st[3U][2U] =
2111 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]);
2112 s->st[4U][2U] =
2113 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]);
2114 s->st[0U][3U] =
2115 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]);
2116 s->st[1U][3U] =
2117 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]);
2118 s->st[2U][3U] =
2119 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]);
2120 s->st[3U][3U] =
2121 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]);
2122 s->st[4U][3U] =
2123 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]);
2124 s->st[0U][4U] =
2125 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]);
2126 s->st[1U][4U] =
2127 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]);
2128 s->st[2U][4U] =
2129 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]);
2130 s->st[3U][4U] =
2131 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]);
2132 uint64_t uu____27 =
2133 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]);
2134 s->st[4U][4U] = uu____27;
2135 }
2136
2137 /**
2138 A monomorphic instance of libcrux_sha3.generic_keccak.pi
2139 with types uint64_t
2140 with const generics
2141 - N= 1
2142 */
libcrux_sha3_generic_keccak_pi_1d(libcrux_sha3_generic_keccak_KeccakState_48 * s)2143 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d(
2144 libcrux_sha3_generic_keccak_KeccakState_48 *s) {
2145 uint64_t old[5U][5U];
2146 memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
2147 s->st[0U][1U] = old[1U][1U];
2148 s->st[0U][2U] = old[2U][2U];
2149 s->st[0U][3U] = old[3U][3U];
2150 s->st[0U][4U] = old[4U][4U];
2151 s->st[1U][0U] = old[0U][3U];
2152 s->st[1U][1U] = old[1U][4U];
2153 s->st[1U][2U] = old[2U][0U];
2154 s->st[1U][3U] = old[3U][1U];
2155 s->st[1U][4U] = old[4U][2U];
2156 s->st[2U][0U] = old[0U][1U];
2157 s->st[2U][1U] = old[1U][2U];
2158 s->st[2U][2U] = old[2U][3U];
2159 s->st[2U][3U] = old[3U][4U];
2160 s->st[2U][4U] = old[4U][0U];
2161 s->st[3U][0U] = old[0U][4U];
2162 s->st[3U][1U] = old[1U][0U];
2163 s->st[3U][2U] = old[2U][1U];
2164 s->st[3U][3U] = old[3U][2U];
2165 s->st[3U][4U] = old[4U][3U];
2166 s->st[4U][0U] = old[0U][2U];
2167 s->st[4U][1U] = old[1U][3U];
2168 s->st[4U][2U] = old[2U][4U];
2169 s->st[4U][3U] = old[3U][0U];
2170 s->st[4U][4U] = old[4U][1U];
2171 }
2172
2173 /**
2174 A monomorphic instance of libcrux_sha3.generic_keccak.chi
2175 with types uint64_t
2176 with const generics
2177 - N= 1
2178 */
libcrux_sha3_generic_keccak_chi_12(libcrux_sha3_generic_keccak_KeccakState_48 * s)2179 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12(
2180 libcrux_sha3_generic_keccak_KeccakState_48 *s) {
2181 uint64_t old[5U][5U];
2182 memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
2183 for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) {
2184 size_t i1 = i0;
2185 for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
2186 size_t j = i;
2187 s->st[i1][j] = libcrux_sha3_portable_keccak_and_not_xor_5a(
2188 s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U],
2189 old[i1][(j + (size_t)1U) % (size_t)5U]);
2190 }
2191 }
2192 }
2193
2194 /**
2195 A monomorphic instance of libcrux_sha3.generic_keccak.iota
2196 with types uint64_t
2197 with const generics
2198 - N= 1
2199 */
libcrux_sha3_generic_keccak_iota_62(libcrux_sha3_generic_keccak_KeccakState_48 * s,size_t i)2200 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62(
2201 libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) {
2202 s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a(
2203 s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]);
2204 }
2205
2206 /**
2207 A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600
2208 with types uint64_t
2209 with const generics
2210 - N= 1
2211 */
libcrux_sha3_generic_keccak_keccakf1600_21(libcrux_sha3_generic_keccak_KeccakState_48 * s)2212 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21(
2213 libcrux_sha3_generic_keccak_KeccakState_48 *s) {
2214 for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
2215 size_t i0 = i;
2216 libcrux_sha3_generic_keccak_theta_rho_16(s);
2217 libcrux_sha3_generic_keccak_pi_1d(s);
2218 libcrux_sha3_generic_keccak_chi_12(s);
2219 libcrux_sha3_generic_keccak_iota_62(s, i0);
2220 }
2221 }
2222
2223 /**
2224 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
2225 with types uint64_t
2226 with const generics
2227 - N= 1
2228 - RATE= 72
2229 */
libcrux_sha3_generic_keccak_absorb_block_df(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])2230 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df(
2231 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
2232 uint64_t(*uu____0)[5U] = s->st;
2233 Eurydice_slice uu____1[1U];
2234 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
2235 libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1);
2236 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2237 }
2238
2239 /**
2240 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
2241 with const generics
2242 - RATE= 72
2243 */
libcrux_sha3_portable_keccak_load_block_full_df(uint64_t (* s)[5U],uint8_t blocks[1U][200U])2244 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df(
2245 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
2246 Eurydice_slice buf[1U] = {
2247 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
2248 libcrux_sha3_portable_keccak_load_block_2c(s, buf);
2249 }
2250
2251 /**
2252 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2253 usize> for u64)}
2254 */
2255 /**
2256 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
2257 with const generics
2258 - RATE= 72
2259 */
libcrux_sha3_portable_keccak_load_block_full_5a_d2(uint64_t (* a)[5U],uint8_t b[1U][200U])2260 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2(
2261 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
2262 uint64_t(*uu____0)[5U] = a;
2263 /* Passing arrays by value in Rust generates a copy in C */
2264 uint8_t copy_of_b[1U][200U];
2265 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
2266 libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b);
2267 }
2268
2269 /**
2270 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
2271 with types uint64_t
2272 with const generics
2273 - N= 1
2274 - RATE= 72
2275 - DELIM= 6
2276 */
libcrux_sha3_generic_keccak_absorb_final_c7(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])2277 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7(
2278 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
2279 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
2280 uint8_t blocks[1U][200U] = {{0U}};
2281 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2282 size_t i0 = i;
2283 if (last_len > (size_t)0U) {
2284 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
2285 blocks[i0], (size_t)0U, last_len, uint8_t);
2286 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
2287 }
2288 blocks[i0][last_len] = 6U;
2289 size_t uu____1 = i0;
2290 size_t uu____2 = (size_t)72U - (size_t)1U;
2291 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
2292 }
2293 uint64_t(*uu____3)[5U] = s->st;
2294 uint8_t uu____4[1U][200U];
2295 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
2296 libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4);
2297 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2298 }
2299
2300 /**
2301 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
2302 with const generics
2303 - RATE= 72
2304 */
libcrux_sha3_portable_keccak_store_block_58(uint64_t (* s)[5U],Eurydice_slice out[1U])2305 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58(
2306 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
2307 for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
2308 size_t i0 = i;
2309 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
2310 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
2311 uint8_t ret[8U];
2312 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
2313 Eurydice_slice_copy(
2314 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
2315 }
2316 }
2317
2318 /**
2319 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
2320 with const generics
2321 - RATE= 72
2322 */
libcrux_sha3_portable_keccak_store_block_full_2d(uint64_t (* s)[5U],uint8_t ret[1U][200U])2323 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d(
2324 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
2325 uint8_t out[200U] = {0U};
2326 Eurydice_slice buf[1U] = {
2327 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
2328 libcrux_sha3_portable_keccak_store_block_58(s, buf);
2329 /* Passing arrays by value in Rust generates a copy in C */
2330 uint8_t copy_of_out[200U];
2331 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
2332 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
2333 }
2334
2335 /**
2336 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2337 usize> for u64)}
2338 */
2339 /**
2340 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
2341 with const generics
2342 - RATE= 72
2343 */
libcrux_sha3_portable_keccak_store_block_full_5a_29(uint64_t (* a)[5U],uint8_t ret[1U][200U])2344 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29(
2345 uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
2346 libcrux_sha3_portable_keccak_store_block_full_2d(a, ret);
2347 }
2348
2349 /**
2350 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
2351 with types uint64_t
2352 with const generics
2353 - N= 1
2354 - RATE= 72
2355 */
2356 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2357 libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(
2358 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2359 uint8_t b[1U][200U];
2360 libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b);
2361 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2362 size_t i0 = i;
2363 Eurydice_slice uu____0 = out[i0];
2364 uint8_t *uu____1 = b[i0];
2365 core_ops_range_Range_b3 lit;
2366 lit.start = (size_t)0U;
2367 lit.end = Eurydice_slice_len(out[i0], uint8_t);
2368 Eurydice_slice_copy(
2369 uu____0,
2370 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
2371 core_ops_range_Range_b3),
2372 uint8_t);
2373 }
2374 }
2375
2376 /**
2377 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2378 usize> for u64)}
2379 */
2380 /**
2381 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
2382 with const generics
2383 - RATE= 72
2384 */
libcrux_sha3_portable_keccak_store_block_5a_59(uint64_t (* a)[5U],Eurydice_slice b[1U])2385 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59(
2386 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
2387 libcrux_sha3_portable_keccak_store_block_58(a, b);
2388 }
2389
2390 /**
2391 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
2392 with types uint64_t
2393 with const generics
2394 - N= 1
2395 - RATE= 72
2396 */
libcrux_sha3_generic_keccak_squeeze_first_block_84(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2397 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84(
2398 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2399 libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out);
2400 }
2401
2402 /**
2403 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
2404 with types uint64_t
2405 with const generics
2406 - N= 1
2407 - RATE= 72
2408 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2409 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc(
2410 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2411 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2412 libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out);
2413 }
2414
2415 /**
2416 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
2417 with types uint64_t
2418 with const generics
2419 - N= 1
2420 - RATE= 72
2421 */
libcrux_sha3_generic_keccak_squeeze_last_cf(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])2422 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf(
2423 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
2424 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
2425 uint8_t b[1U][200U];
2426 libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b);
2427 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2428 size_t i0 = i;
2429 Eurydice_slice uu____0 = out[i0];
2430 uint8_t *uu____1 = b[i0];
2431 core_ops_range_Range_b3 lit;
2432 lit.start = (size_t)0U;
2433 lit.end = Eurydice_slice_len(out[i0], uint8_t);
2434 Eurydice_slice_copy(
2435 uu____0,
2436 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
2437 core_ops_range_Range_b3),
2438 uint8_t);
2439 }
2440 }
2441
2442 /**
2443 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
2444 with types uint64_t
2445 with const generics
2446 - N= 1
2447 - RATE= 72
2448 - DELIM= 6
2449 */
libcrux_sha3_generic_keccak_keccak_e9(Eurydice_slice data[1U],Eurydice_slice out[1U])2450 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9(
2451 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2452 libcrux_sha3_generic_keccak_KeccakState_48 s =
2453 libcrux_sha3_generic_keccak_new_1e_f4();
2454 for (size_t i = (size_t)0U;
2455 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) {
2456 size_t i0 = i;
2457 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
2458 /* Passing arrays by value in Rust generates a copy in C */
2459 Eurydice_slice copy_of_data[1U];
2460 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2461 Eurydice_slice ret[1U];
2462 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U,
2463 (size_t)72U, ret);
2464 libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret);
2465 }
2466 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U;
2467 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
2468 /* Passing arrays by value in Rust generates a copy in C */
2469 Eurydice_slice copy_of_data[1U];
2470 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2471 Eurydice_slice ret[1U];
2472 libcrux_sha3_portable_keccak_slice_n_5a(
2473 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
2474 libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret);
2475 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
2476 size_t blocks = outlen / (size_t)72U;
2477 size_t last = outlen - outlen % (size_t)72U;
2478 if (blocks == (size_t)0U) {
2479 libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(&s, out);
2480 } else {
2481 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
2482 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U);
2483 Eurydice_slice o0[1U];
2484 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
2485 Eurydice_slice o1[1U];
2486 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
2487 libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0);
2488 core_ops_range_Range_b3 iter =
2489 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
2490 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
2491 .end = blocks}),
2492 core_ops_range_Range_b3, core_ops_range_Range_b3);
2493 while (true) {
2494 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
2495 &iter, size_t, Option_b3)
2496 .tag == None) {
2497 break;
2498 } else {
2499 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
2500 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)72U);
2501 Eurydice_slice o[1U];
2502 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
2503 Eurydice_slice orest[1U];
2504 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
2505 libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o);
2506 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
2507 }
2508 }
2509 if (last < outlen) {
2510 libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1);
2511 }
2512 }
2513 }
2514
2515 /**
2516 A monomorphic instance of libcrux_sha3.portable.keccakx1
2517 with const generics
2518 - RATE= 72
2519 - DELIM= 6
2520 */
libcrux_sha3_portable_keccakx1_ce(Eurydice_slice data[1U],Eurydice_slice out[1U])2521 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce(
2522 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2523 /* Passing arrays by value in Rust generates a copy in C */
2524 Eurydice_slice copy_of_data[1U];
2525 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2526 libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out);
2527 }
2528
2529 /**
2530 A portable SHA3 512 implementation.
2531 */
libcrux_sha3_portable_sha512(Eurydice_slice digest,Eurydice_slice data)2532 static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest,
2533 Eurydice_slice data) {
2534 Eurydice_slice buf0[1U] = {data};
2535 Eurydice_slice buf[1U] = {digest};
2536 libcrux_sha3_portable_keccakx1_ce(buf0, buf);
2537 }
2538
2539 /**
2540 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
2541 with const generics
2542 - RATE= 136
2543 */
libcrux_sha3_portable_keccak_load_block_2c0(uint64_t (* s)[5U],Eurydice_slice blocks[1U])2544 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0(
2545 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
2546 for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
2547 size_t i0 = i;
2548 uint8_t uu____0[8U];
2549 Result_56 dst;
2550 Eurydice_slice_to_array2(
2551 &dst,
2552 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
2553 (size_t)8U * i0 + (size_t)8U, uint8_t),
2554 Eurydice_slice, uint8_t[8U]);
2555 unwrap_41_ac(dst, uu____0);
2556 size_t uu____1 = i0 / (size_t)5U;
2557 size_t uu____2 = i0 % (size_t)5U;
2558 s[uu____1][uu____2] =
2559 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
2560 }
2561 }
2562
2563 /**
2564 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2565 usize> for u64)}
2566 */
2567 /**
2568 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
2569 with const generics
2570 - RATE= 136
2571 */
libcrux_sha3_portable_keccak_load_block_5a_b80(uint64_t (* a)[5U],Eurydice_slice b[1U])2572 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80(
2573 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
2574 uint64_t(*uu____0)[5U] = a;
2575 /* Passing arrays by value in Rust generates a copy in C */
2576 Eurydice_slice copy_of_b[1U];
2577 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
2578 libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b);
2579 }
2580
2581 /**
2582 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
2583 with types uint64_t
2584 with const generics
2585 - N= 1
2586 - RATE= 136
2587 */
libcrux_sha3_generic_keccak_absorb_block_df0(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])2588 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0(
2589 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
2590 uint64_t(*uu____0)[5U] = s->st;
2591 Eurydice_slice uu____1[1U];
2592 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
2593 libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1);
2594 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2595 }
2596
2597 /**
2598 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
2599 with const generics
2600 - RATE= 136
2601 */
libcrux_sha3_portable_keccak_load_block_full_df0(uint64_t (* s)[5U],uint8_t blocks[1U][200U])2602 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0(
2603 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
2604 Eurydice_slice buf[1U] = {
2605 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
2606 libcrux_sha3_portable_keccak_load_block_2c0(s, buf);
2607 }
2608
2609 /**
2610 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2611 usize> for u64)}
2612 */
2613 /**
2614 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
2615 with const generics
2616 - RATE= 136
2617 */
libcrux_sha3_portable_keccak_load_block_full_5a_d20(uint64_t (* a)[5U],uint8_t b[1U][200U])2618 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20(
2619 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
2620 uint64_t(*uu____0)[5U] = a;
2621 /* Passing arrays by value in Rust generates a copy in C */
2622 uint8_t copy_of_b[1U][200U];
2623 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
2624 libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b);
2625 }
2626
2627 /**
2628 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
2629 with types uint64_t
2630 with const generics
2631 - N= 1
2632 - RATE= 136
2633 - DELIM= 6
2634 */
libcrux_sha3_generic_keccak_absorb_final_c70(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])2635 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70(
2636 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
2637 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
2638 uint8_t blocks[1U][200U] = {{0U}};
2639 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2640 size_t i0 = i;
2641 if (last_len > (size_t)0U) {
2642 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
2643 blocks[i0], (size_t)0U, last_len, uint8_t);
2644 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
2645 }
2646 blocks[i0][last_len] = 6U;
2647 size_t uu____1 = i0;
2648 size_t uu____2 = (size_t)136U - (size_t)1U;
2649 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
2650 }
2651 uint64_t(*uu____3)[5U] = s->st;
2652 uint8_t uu____4[1U][200U];
2653 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
2654 libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4);
2655 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2656 }
2657
2658 /**
2659 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
2660 with const generics
2661 - RATE= 136
2662 */
libcrux_sha3_portable_keccak_store_block_580(uint64_t (* s)[5U],Eurydice_slice out[1U])2663 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580(
2664 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
2665 for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
2666 size_t i0 = i;
2667 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
2668 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
2669 uint8_t ret[8U];
2670 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
2671 Eurydice_slice_copy(
2672 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
2673 }
2674 }
2675
2676 /**
2677 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
2678 with const generics
2679 - RATE= 136
2680 */
libcrux_sha3_portable_keccak_store_block_full_2d0(uint64_t (* s)[5U],uint8_t ret[1U][200U])2681 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0(
2682 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
2683 uint8_t out[200U] = {0U};
2684 Eurydice_slice buf[1U] = {
2685 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
2686 libcrux_sha3_portable_keccak_store_block_580(s, buf);
2687 /* Passing arrays by value in Rust generates a copy in C */
2688 uint8_t copy_of_out[200U];
2689 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
2690 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
2691 }
2692
2693 /**
2694 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2695 usize> for u64)}
2696 */
2697 /**
2698 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
2699 with const generics
2700 - RATE= 136
2701 */
2702 static KRML_MUSTINLINE void
libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (* a)[5U],uint8_t ret[1U][200U])2703 libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U],
2704 uint8_t ret[1U][200U]) {
2705 libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret);
2706 }
2707
2708 /**
2709 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
2710 with types uint64_t
2711 with const generics
2712 - N= 1
2713 - RATE= 136
2714 */
2715 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2716 libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(
2717 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2718 uint8_t b[1U][200U];
2719 libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b);
2720 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2721 size_t i0 = i;
2722 Eurydice_slice uu____0 = out[i0];
2723 uint8_t *uu____1 = b[i0];
2724 core_ops_range_Range_b3 lit;
2725 lit.start = (size_t)0U;
2726 lit.end = Eurydice_slice_len(out[i0], uint8_t);
2727 Eurydice_slice_copy(
2728 uu____0,
2729 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
2730 core_ops_range_Range_b3),
2731 uint8_t);
2732 }
2733 }
2734
2735 /**
2736 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2737 usize> for u64)}
2738 */
2739 /**
2740 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
2741 with const generics
2742 - RATE= 136
2743 */
libcrux_sha3_portable_keccak_store_block_5a_590(uint64_t (* a)[5U],Eurydice_slice b[1U])2744 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590(
2745 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
2746 libcrux_sha3_portable_keccak_store_block_580(a, b);
2747 }
2748
2749 /**
2750 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
2751 with types uint64_t
2752 with const generics
2753 - N= 1
2754 - RATE= 136
2755 */
libcrux_sha3_generic_keccak_squeeze_first_block_840(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2756 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840(
2757 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2758 libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out);
2759 }
2760
2761 /**
2762 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
2763 with types uint64_t
2764 with const generics
2765 - N= 1
2766 - RATE= 136
2767 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc0(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2768 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0(
2769 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2770 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2771 libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out);
2772 }
2773
2774 /**
2775 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
2776 with types uint64_t
2777 with const generics
2778 - N= 1
2779 - RATE= 136
2780 */
libcrux_sha3_generic_keccak_squeeze_last_cf0(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])2781 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0(
2782 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
2783 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
2784 uint8_t b[1U][200U];
2785 libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b);
2786 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2787 size_t i0 = i;
2788 Eurydice_slice uu____0 = out[i0];
2789 uint8_t *uu____1 = b[i0];
2790 core_ops_range_Range_b3 lit;
2791 lit.start = (size_t)0U;
2792 lit.end = Eurydice_slice_len(out[i0], uint8_t);
2793 Eurydice_slice_copy(
2794 uu____0,
2795 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
2796 core_ops_range_Range_b3),
2797 uint8_t);
2798 }
2799 }
2800
2801 /**
2802 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
2803 with types uint64_t
2804 with const generics
2805 - N= 1
2806 - RATE= 136
2807 - DELIM= 6
2808 */
libcrux_sha3_generic_keccak_keccak_e90(Eurydice_slice data[1U],Eurydice_slice out[1U])2809 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90(
2810 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2811 libcrux_sha3_generic_keccak_KeccakState_48 s =
2812 libcrux_sha3_generic_keccak_new_1e_f4();
2813 for (size_t i = (size_t)0U;
2814 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
2815 size_t i0 = i;
2816 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
2817 /* Passing arrays by value in Rust generates a copy in C */
2818 Eurydice_slice copy_of_data[1U];
2819 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2820 Eurydice_slice ret[1U];
2821 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
2822 (size_t)136U, ret);
2823 libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret);
2824 }
2825 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
2826 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
2827 /* Passing arrays by value in Rust generates a copy in C */
2828 Eurydice_slice copy_of_data[1U];
2829 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2830 Eurydice_slice ret[1U];
2831 libcrux_sha3_portable_keccak_slice_n_5a(
2832 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
2833 libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret);
2834 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
2835 size_t blocks = outlen / (size_t)136U;
2836 size_t last = outlen - outlen % (size_t)136U;
2837 if (blocks == (size_t)0U) {
2838 libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out);
2839 } else {
2840 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
2841 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
2842 Eurydice_slice o0[1U];
2843 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
2844 Eurydice_slice o1[1U];
2845 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
2846 libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0);
2847 core_ops_range_Range_b3 iter =
2848 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
2849 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
2850 .end = blocks}),
2851 core_ops_range_Range_b3, core_ops_range_Range_b3);
2852 while (true) {
2853 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
2854 &iter, size_t, Option_b3)
2855 .tag == None) {
2856 break;
2857 } else {
2858 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
2859 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)136U);
2860 Eurydice_slice o[1U];
2861 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
2862 Eurydice_slice orest[1U];
2863 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
2864 libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o);
2865 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
2866 }
2867 }
2868 if (last < outlen) {
2869 libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1);
2870 }
2871 }
2872 }
2873
2874 /**
2875 A monomorphic instance of libcrux_sha3.portable.keccakx1
2876 with const generics
2877 - RATE= 136
2878 - DELIM= 6
2879 */
libcrux_sha3_portable_keccakx1_ce0(Eurydice_slice data[1U],Eurydice_slice out[1U])2880 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0(
2881 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2882 /* Passing arrays by value in Rust generates a copy in C */
2883 Eurydice_slice copy_of_data[1U];
2884 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2885 libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out);
2886 }
2887
2888 /**
2889 A portable SHA3 256 implementation.
2890 */
libcrux_sha3_portable_sha256(Eurydice_slice digest,Eurydice_slice data)2891 static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest,
2892 Eurydice_slice data) {
2893 Eurydice_slice buf0[1U] = {data};
2894 Eurydice_slice buf[1U] = {digest};
2895 libcrux_sha3_portable_keccakx1_ce0(buf0, buf);
2896 }
2897
2898 /**
2899 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
2900 with types uint64_t
2901 with const generics
2902 - N= 1
2903 - RATE= 136
2904 - DELIM= 31
2905 */
libcrux_sha3_generic_keccak_absorb_final_c71(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])2906 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71(
2907 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
2908 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
2909 uint8_t blocks[1U][200U] = {{0U}};
2910 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2911 size_t i0 = i;
2912 if (last_len > (size_t)0U) {
2913 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
2914 blocks[i0], (size_t)0U, last_len, uint8_t);
2915 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
2916 }
2917 blocks[i0][last_len] = 31U;
2918 size_t uu____1 = i0;
2919 size_t uu____2 = (size_t)136U - (size_t)1U;
2920 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
2921 }
2922 uint64_t(*uu____3)[5U] = s->st;
2923 uint8_t uu____4[1U][200U];
2924 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
2925 libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4);
2926 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2927 }
2928
2929 /**
2930 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
2931 with types uint64_t
2932 with const generics
2933 - N= 1
2934 - RATE= 136
2935 - DELIM= 31
2936 */
libcrux_sha3_generic_keccak_keccak_e91(Eurydice_slice data[1U],Eurydice_slice out[1U])2937 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91(
2938 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2939 libcrux_sha3_generic_keccak_KeccakState_48 s =
2940 libcrux_sha3_generic_keccak_new_1e_f4();
2941 for (size_t i = (size_t)0U;
2942 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
2943 size_t i0 = i;
2944 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
2945 /* Passing arrays by value in Rust generates a copy in C */
2946 Eurydice_slice copy_of_data[1U];
2947 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2948 Eurydice_slice ret[1U];
2949 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
2950 (size_t)136U, ret);
2951 libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret);
2952 }
2953 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
2954 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
2955 /* Passing arrays by value in Rust generates a copy in C */
2956 Eurydice_slice copy_of_data[1U];
2957 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2958 Eurydice_slice ret[1U];
2959 libcrux_sha3_portable_keccak_slice_n_5a(
2960 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
2961 libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret);
2962 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
2963 size_t blocks = outlen / (size_t)136U;
2964 size_t last = outlen - outlen % (size_t)136U;
2965 if (blocks == (size_t)0U) {
2966 libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out);
2967 } else {
2968 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
2969 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
2970 Eurydice_slice o0[1U];
2971 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
2972 Eurydice_slice o1[1U];
2973 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
2974 libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0);
2975 core_ops_range_Range_b3 iter =
2976 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
2977 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
2978 .end = blocks}),
2979 core_ops_range_Range_b3, core_ops_range_Range_b3);
2980 while (true) {
2981 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
2982 &iter, size_t, Option_b3)
2983 .tag == None) {
2984 break;
2985 } else {
2986 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
2987 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)136U);
2988 Eurydice_slice o[1U];
2989 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
2990 Eurydice_slice orest[1U];
2991 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
2992 libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o);
2993 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
2994 }
2995 }
2996 if (last < outlen) {
2997 libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1);
2998 }
2999 }
3000 }
3001
3002 /**
3003 A monomorphic instance of libcrux_sha3.portable.keccakx1
3004 with const generics
3005 - RATE= 136
3006 - DELIM= 31
3007 */
libcrux_sha3_portable_keccakx1_ce1(Eurydice_slice data[1U],Eurydice_slice out[1U])3008 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1(
3009 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3010 /* Passing arrays by value in Rust generates a copy in C */
3011 Eurydice_slice copy_of_data[1U];
3012 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3013 libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out);
3014 }
3015
3016 /**
3017 A portable SHAKE256 implementation.
3018 */
libcrux_sha3_portable_shake256(Eurydice_slice digest,Eurydice_slice data)3019 static KRML_MUSTINLINE void libcrux_sha3_portable_shake256(
3020 Eurydice_slice digest, Eurydice_slice data) {
3021 Eurydice_slice buf0[1U] = {data};
3022 Eurydice_slice buf[1U] = {digest};
3023 libcrux_sha3_portable_keccakx1_ce1(buf0, buf);
3024 }
3025
3026 typedef libcrux_sha3_generic_keccak_KeccakState_48
3027 libcrux_sha3_portable_KeccakState;
3028
3029 /**
3030 Create a new SHAKE-128 state object.
3031 */
3032 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
libcrux_sha3_portable_incremental_shake128_init(void)3033 libcrux_sha3_portable_incremental_shake128_init(void) {
3034 return libcrux_sha3_generic_keccak_new_1e_f4();
3035 }
3036
3037 /**
3038 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
3039 with const generics
3040 - RATE= 168
3041 */
libcrux_sha3_portable_keccak_load_block_2c1(uint64_t (* s)[5U],Eurydice_slice blocks[1U])3042 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1(
3043 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
3044 for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
3045 size_t i0 = i;
3046 uint8_t uu____0[8U];
3047 Result_56 dst;
3048 Eurydice_slice_to_array2(
3049 &dst,
3050 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
3051 (size_t)8U * i0 + (size_t)8U, uint8_t),
3052 Eurydice_slice, uint8_t[8U]);
3053 unwrap_41_ac(dst, uu____0);
3054 size_t uu____1 = i0 / (size_t)5U;
3055 size_t uu____2 = i0 % (size_t)5U;
3056 s[uu____1][uu____2] =
3057 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
3058 }
3059 }
3060
3061 /**
3062 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
3063 with const generics
3064 - RATE= 168
3065 */
libcrux_sha3_portable_keccak_load_block_full_df1(uint64_t (* s)[5U],uint8_t blocks[1U][200U])3066 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1(
3067 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
3068 Eurydice_slice buf[1U] = {
3069 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
3070 libcrux_sha3_portable_keccak_load_block_2c1(s, buf);
3071 }
3072
3073 /**
3074 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3075 usize> for u64)}
3076 */
3077 /**
3078 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
3079 with const generics
3080 - RATE= 168
3081 */
libcrux_sha3_portable_keccak_load_block_full_5a_d21(uint64_t (* a)[5U],uint8_t b[1U][200U])3082 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21(
3083 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
3084 uint64_t(*uu____0)[5U] = a;
3085 /* Passing arrays by value in Rust generates a copy in C */
3086 uint8_t copy_of_b[1U][200U];
3087 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
3088 libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b);
3089 }
3090
3091 /**
3092 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
3093 with types uint64_t
3094 with const generics
3095 - N= 1
3096 - RATE= 168
3097 - DELIM= 31
3098 */
libcrux_sha3_generic_keccak_absorb_final_c72(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])3099 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72(
3100 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
3101 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
3102 uint8_t blocks[1U][200U] = {{0U}};
3103 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3104 size_t i0 = i;
3105 if (last_len > (size_t)0U) {
3106 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
3107 blocks[i0], (size_t)0U, last_len, uint8_t);
3108 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
3109 }
3110 blocks[i0][last_len] = 31U;
3111 size_t uu____1 = i0;
3112 size_t uu____2 = (size_t)168U - (size_t)1U;
3113 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
3114 }
3115 uint64_t(*uu____3)[5U] = s->st;
3116 uint8_t uu____4[1U][200U];
3117 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
3118 libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4);
3119 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3120 }
3121
3122 /**
3123 Absorb
3124 */
3125 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_absorb_final(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice data0)3126 libcrux_sha3_portable_incremental_shake128_absorb_final(
3127 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) {
3128 Eurydice_slice buf[1U] = {data0};
3129 libcrux_sha3_generic_keccak_absorb_final_c72(s, buf);
3130 }
3131
3132 /**
3133 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
3134 with const generics
3135 - RATE= 168
3136 */
libcrux_sha3_portable_keccak_store_block_581(uint64_t (* s)[5U],Eurydice_slice out[1U])3137 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581(
3138 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
3139 for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
3140 size_t i0 = i;
3141 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
3142 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
3143 uint8_t ret[8U];
3144 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
3145 Eurydice_slice_copy(
3146 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
3147 }
3148 }
3149
3150 /**
3151 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3152 usize> for u64)}
3153 */
3154 /**
3155 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
3156 with const generics
3157 - RATE= 168
3158 */
libcrux_sha3_portable_keccak_store_block_5a_591(uint64_t (* a)[5U],Eurydice_slice b[1U])3159 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591(
3160 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3161 libcrux_sha3_portable_keccak_store_block_581(a, b);
3162 }
3163
3164 /**
3165 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
3166 with types uint64_t
3167 with const generics
3168 - N= 1
3169 - RATE= 168
3170 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc1(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3171 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1(
3172 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3173 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3174 libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out);
3175 }
3176
3177 /**
3178 Squeeze another block
3179 */
3180 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_next_block(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out0)3181 libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
3182 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
3183 Eurydice_slice buf[1U] = {out0};
3184 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, buf);
3185 }
3186
3187 /**
3188 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
3189 with types uint64_t
3190 with const generics
3191 - N= 1
3192 - RATE= 168
3193 */
libcrux_sha3_generic_keccak_squeeze_first_block_841(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3194 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841(
3195 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3196 libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out);
3197 }
3198
3199 /**
3200 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks
3201 with types uint64_t
3202 with const generics
3203 - N= 1
3204 - RATE= 168
3205 */
3206 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3207 libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(
3208 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3209 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
3210 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
3211 Eurydice_slice o0[1U];
3212 memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
3213 Eurydice_slice o10[1U];
3214 memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
3215 libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0);
3216 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
3217 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
3218 Eurydice_slice o1[1U];
3219 memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
3220 Eurydice_slice o2[1U];
3221 memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
3222 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1);
3223 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2);
3224 }
3225
3226 /**
3227 Squeeze three blocks
3228 */
3229 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out0)3230 libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
3231 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
3232 Eurydice_slice buf[1U] = {out0};
3233 libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf);
3234 }
3235
3236 #define libcrux_sha3_Sha224 0
3237 #define libcrux_sha3_Sha256 1
3238 #define libcrux_sha3_Sha384 2
3239 #define libcrux_sha3_Sha512 3
3240
3241 typedef uint8_t libcrux_sha3_Algorithm;
3242
3243 /**
3244 Returns the output size of a digest.
3245 */
libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode)3246 static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) {
3247 size_t uu____0;
3248 switch (mode) {
3249 case libcrux_sha3_Sha224: {
3250 uu____0 = (size_t)28U;
3251 break;
3252 }
3253 case libcrux_sha3_Sha256: {
3254 uu____0 = (size_t)32U;
3255 break;
3256 }
3257 case libcrux_sha3_Sha384: {
3258 uu____0 = (size_t)48U;
3259 break;
3260 }
3261 case libcrux_sha3_Sha512: {
3262 uu____0 = (size_t)64U;
3263 break;
3264 }
3265 default: {
3266 KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
3267 __LINE__);
3268 KRML_HOST_EXIT(253U);
3269 }
3270 }
3271 return uu____0;
3272 }
3273
3274 /**
3275 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
3276 with const generics
3277 - RATE= 144
3278 */
libcrux_sha3_portable_keccak_load_block_2c2(uint64_t (* s)[5U],Eurydice_slice blocks[1U])3279 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2(
3280 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
3281 for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
3282 size_t i0 = i;
3283 uint8_t uu____0[8U];
3284 Result_56 dst;
3285 Eurydice_slice_to_array2(
3286 &dst,
3287 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
3288 (size_t)8U * i0 + (size_t)8U, uint8_t),
3289 Eurydice_slice, uint8_t[8U]);
3290 unwrap_41_ac(dst, uu____0);
3291 size_t uu____1 = i0 / (size_t)5U;
3292 size_t uu____2 = i0 % (size_t)5U;
3293 s[uu____1][uu____2] =
3294 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
3295 }
3296 }
3297
3298 /**
3299 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3300 usize> for u64)}
3301 */
3302 /**
3303 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
3304 with const generics
3305 - RATE= 144
3306 */
libcrux_sha3_portable_keccak_load_block_5a_b81(uint64_t (* a)[5U],Eurydice_slice b[1U])3307 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81(
3308 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3309 uint64_t(*uu____0)[5U] = a;
3310 /* Passing arrays by value in Rust generates a copy in C */
3311 Eurydice_slice copy_of_b[1U];
3312 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
3313 libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b);
3314 }
3315
3316 /**
3317 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
3318 with types uint64_t
3319 with const generics
3320 - N= 1
3321 - RATE= 144
3322 */
libcrux_sha3_generic_keccak_absorb_block_df1(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])3323 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1(
3324 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
3325 uint64_t(*uu____0)[5U] = s->st;
3326 Eurydice_slice uu____1[1U];
3327 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
3328 libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1);
3329 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3330 }
3331
3332 /**
3333 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
3334 with const generics
3335 - RATE= 144
3336 */
libcrux_sha3_portable_keccak_load_block_full_df2(uint64_t (* s)[5U],uint8_t blocks[1U][200U])3337 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2(
3338 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
3339 Eurydice_slice buf[1U] = {
3340 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
3341 libcrux_sha3_portable_keccak_load_block_2c2(s, buf);
3342 }
3343
3344 /**
3345 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3346 usize> for u64)}
3347 */
3348 /**
3349 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
3350 with const generics
3351 - RATE= 144
3352 */
libcrux_sha3_portable_keccak_load_block_full_5a_d22(uint64_t (* a)[5U],uint8_t b[1U][200U])3353 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22(
3354 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
3355 uint64_t(*uu____0)[5U] = a;
3356 /* Passing arrays by value in Rust generates a copy in C */
3357 uint8_t copy_of_b[1U][200U];
3358 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
3359 libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b);
3360 }
3361
3362 /**
3363 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
3364 with types uint64_t
3365 with const generics
3366 - N= 1
3367 - RATE= 144
3368 - DELIM= 6
3369 */
libcrux_sha3_generic_keccak_absorb_final_c73(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])3370 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73(
3371 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
3372 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
3373 uint8_t blocks[1U][200U] = {{0U}};
3374 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3375 size_t i0 = i;
3376 if (last_len > (size_t)0U) {
3377 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
3378 blocks[i0], (size_t)0U, last_len, uint8_t);
3379 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
3380 }
3381 blocks[i0][last_len] = 6U;
3382 size_t uu____1 = i0;
3383 size_t uu____2 = (size_t)144U - (size_t)1U;
3384 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
3385 }
3386 uint64_t(*uu____3)[5U] = s->st;
3387 uint8_t uu____4[1U][200U];
3388 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
3389 libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4);
3390 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3391 }
3392
3393 /**
3394 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
3395 with const generics
3396 - RATE= 144
3397 */
libcrux_sha3_portable_keccak_store_block_582(uint64_t (* s)[5U],Eurydice_slice out[1U])3398 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582(
3399 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
3400 for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
3401 size_t i0 = i;
3402 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
3403 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
3404 uint8_t ret[8U];
3405 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
3406 Eurydice_slice_copy(
3407 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
3408 }
3409 }
3410
3411 /**
3412 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
3413 with const generics
3414 - RATE= 144
3415 */
libcrux_sha3_portable_keccak_store_block_full_2d1(uint64_t (* s)[5U],uint8_t ret[1U][200U])3416 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1(
3417 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
3418 uint8_t out[200U] = {0U};
3419 Eurydice_slice buf[1U] = {
3420 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
3421 libcrux_sha3_portable_keccak_store_block_582(s, buf);
3422 /* Passing arrays by value in Rust generates a copy in C */
3423 uint8_t copy_of_out[200U];
3424 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
3425 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
3426 }
3427
3428 /**
3429 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3430 usize> for u64)}
3431 */
3432 /**
3433 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
3434 with const generics
3435 - RATE= 144
3436 */
3437 static KRML_MUSTINLINE void
libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (* a)[5U],uint8_t ret[1U][200U])3438 libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U],
3439 uint8_t ret[1U][200U]) {
3440 libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret);
3441 }
3442
3443 /**
3444 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
3445 with types uint64_t
3446 with const generics
3447 - N= 1
3448 - RATE= 144
3449 */
3450 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3451 libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(
3452 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3453 uint8_t b[1U][200U];
3454 libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b);
3455 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3456 size_t i0 = i;
3457 Eurydice_slice uu____0 = out[i0];
3458 uint8_t *uu____1 = b[i0];
3459 core_ops_range_Range_b3 lit;
3460 lit.start = (size_t)0U;
3461 lit.end = Eurydice_slice_len(out[i0], uint8_t);
3462 Eurydice_slice_copy(
3463 uu____0,
3464 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
3465 core_ops_range_Range_b3),
3466 uint8_t);
3467 }
3468 }
3469
3470 /**
3471 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3472 usize> for u64)}
3473 */
3474 /**
3475 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
3476 with const generics
3477 - RATE= 144
3478 */
libcrux_sha3_portable_keccak_store_block_5a_592(uint64_t (* a)[5U],Eurydice_slice b[1U])3479 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592(
3480 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3481 libcrux_sha3_portable_keccak_store_block_582(a, b);
3482 }
3483
3484 /**
3485 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
3486 with types uint64_t
3487 with const generics
3488 - N= 1
3489 - RATE= 144
3490 */
libcrux_sha3_generic_keccak_squeeze_first_block_842(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3491 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842(
3492 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3493 libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out);
3494 }
3495
3496 /**
3497 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
3498 with types uint64_t
3499 with const generics
3500 - N= 1
3501 - RATE= 144
3502 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc2(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3503 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2(
3504 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3505 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3506 libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out);
3507 }
3508
3509 /**
3510 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
3511 with types uint64_t
3512 with const generics
3513 - N= 1
3514 - RATE= 144
3515 */
libcrux_sha3_generic_keccak_squeeze_last_cf1(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])3516 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1(
3517 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
3518 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
3519 uint8_t b[1U][200U];
3520 libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b);
3521 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3522 size_t i0 = i;
3523 Eurydice_slice uu____0 = out[i0];
3524 uint8_t *uu____1 = b[i0];
3525 core_ops_range_Range_b3 lit;
3526 lit.start = (size_t)0U;
3527 lit.end = Eurydice_slice_len(out[i0], uint8_t);
3528 Eurydice_slice_copy(
3529 uu____0,
3530 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
3531 core_ops_range_Range_b3),
3532 uint8_t);
3533 }
3534 }
3535
3536 /**
3537 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
3538 with types uint64_t
3539 with const generics
3540 - N= 1
3541 - RATE= 144
3542 - DELIM= 6
3543 */
libcrux_sha3_generic_keccak_keccak_e92(Eurydice_slice data[1U],Eurydice_slice out[1U])3544 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92(
3545 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3546 libcrux_sha3_generic_keccak_KeccakState_48 s =
3547 libcrux_sha3_generic_keccak_new_1e_f4();
3548 for (size_t i = (size_t)0U;
3549 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) {
3550 size_t i0 = i;
3551 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
3552 /* Passing arrays by value in Rust generates a copy in C */
3553 Eurydice_slice copy_of_data[1U];
3554 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3555 Eurydice_slice ret[1U];
3556 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U,
3557 (size_t)144U, ret);
3558 libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret);
3559 }
3560 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U;
3561 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
3562 /* Passing arrays by value in Rust generates a copy in C */
3563 Eurydice_slice copy_of_data[1U];
3564 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3565 Eurydice_slice ret[1U];
3566 libcrux_sha3_portable_keccak_slice_n_5a(
3567 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
3568 libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret);
3569 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
3570 size_t blocks = outlen / (size_t)144U;
3571 size_t last = outlen - outlen % (size_t)144U;
3572 if (blocks == (size_t)0U) {
3573 libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out);
3574 } else {
3575 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
3576 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U);
3577 Eurydice_slice o0[1U];
3578 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
3579 Eurydice_slice o1[1U];
3580 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
3581 libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0);
3582 core_ops_range_Range_b3 iter =
3583 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
3584 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
3585 .end = blocks}),
3586 core_ops_range_Range_b3, core_ops_range_Range_b3);
3587 while (true) {
3588 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
3589 &iter, size_t, Option_b3)
3590 .tag == None) {
3591 break;
3592 } else {
3593 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
3594 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U);
3595 Eurydice_slice o[1U];
3596 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
3597 Eurydice_slice orest[1U];
3598 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
3599 libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o);
3600 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
3601 }
3602 }
3603 if (last < outlen) {
3604 libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1);
3605 }
3606 }
3607 }
3608
3609 /**
3610 A monomorphic instance of libcrux_sha3.portable.keccakx1
3611 with const generics
3612 - RATE= 144
3613 - DELIM= 6
3614 */
libcrux_sha3_portable_keccakx1_ce2(Eurydice_slice data[1U],Eurydice_slice out[1U])3615 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2(
3616 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3617 /* Passing arrays by value in Rust generates a copy in C */
3618 Eurydice_slice copy_of_data[1U];
3619 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3620 libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out);
3621 }
3622
3623 /**
3624 A portable SHA3 224 implementation.
3625 */
libcrux_sha3_portable_sha224(Eurydice_slice digest,Eurydice_slice data)3626 static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest,
3627 Eurydice_slice data) {
3628 Eurydice_slice buf0[1U] = {data};
3629 Eurydice_slice buf[1U] = {digest};
3630 libcrux_sha3_portable_keccakx1_ce2(buf0, buf);
3631 }
3632
3633 /**
3634 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
3635 with const generics
3636 - RATE= 104
3637 */
libcrux_sha3_portable_keccak_load_block_2c3(uint64_t (* s)[5U],Eurydice_slice blocks[1U])3638 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3(
3639 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
3640 for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
3641 size_t i0 = i;
3642 uint8_t uu____0[8U];
3643 Result_56 dst;
3644 Eurydice_slice_to_array2(
3645 &dst,
3646 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
3647 (size_t)8U * i0 + (size_t)8U, uint8_t),
3648 Eurydice_slice, uint8_t[8U]);
3649 unwrap_41_ac(dst, uu____0);
3650 size_t uu____1 = i0 / (size_t)5U;
3651 size_t uu____2 = i0 % (size_t)5U;
3652 s[uu____1][uu____2] =
3653 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
3654 }
3655 }
3656
3657 /**
3658 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3659 usize> for u64)}
3660 */
3661 /**
3662 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
3663 with const generics
3664 - RATE= 104
3665 */
libcrux_sha3_portable_keccak_load_block_5a_b82(uint64_t (* a)[5U],Eurydice_slice b[1U])3666 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82(
3667 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3668 uint64_t(*uu____0)[5U] = a;
3669 /* Passing arrays by value in Rust generates a copy in C */
3670 Eurydice_slice copy_of_b[1U];
3671 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
3672 libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b);
3673 }
3674
3675 /**
3676 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
3677 with types uint64_t
3678 with const generics
3679 - N= 1
3680 - RATE= 104
3681 */
libcrux_sha3_generic_keccak_absorb_block_df2(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])3682 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2(
3683 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
3684 uint64_t(*uu____0)[5U] = s->st;
3685 Eurydice_slice uu____1[1U];
3686 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
3687 libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1);
3688 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3689 }
3690
3691 /**
3692 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
3693 with const generics
3694 - RATE= 104
3695 */
libcrux_sha3_portable_keccak_load_block_full_df3(uint64_t (* s)[5U],uint8_t blocks[1U][200U])3696 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3(
3697 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
3698 Eurydice_slice buf[1U] = {
3699 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
3700 libcrux_sha3_portable_keccak_load_block_2c3(s, buf);
3701 }
3702
3703 /**
3704 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3705 usize> for u64)}
3706 */
3707 /**
3708 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
3709 with const generics
3710 - RATE= 104
3711 */
libcrux_sha3_portable_keccak_load_block_full_5a_d23(uint64_t (* a)[5U],uint8_t b[1U][200U])3712 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23(
3713 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
3714 uint64_t(*uu____0)[5U] = a;
3715 /* Passing arrays by value in Rust generates a copy in C */
3716 uint8_t copy_of_b[1U][200U];
3717 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
3718 libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b);
3719 }
3720
3721 /**
3722 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
3723 with types uint64_t
3724 with const generics
3725 - N= 1
3726 - RATE= 104
3727 - DELIM= 6
3728 */
libcrux_sha3_generic_keccak_absorb_final_c74(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])3729 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74(
3730 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
3731 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
3732 uint8_t blocks[1U][200U] = {{0U}};
3733 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3734 size_t i0 = i;
3735 if (last_len > (size_t)0U) {
3736 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
3737 blocks[i0], (size_t)0U, last_len, uint8_t);
3738 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
3739 }
3740 blocks[i0][last_len] = 6U;
3741 size_t uu____1 = i0;
3742 size_t uu____2 = (size_t)104U - (size_t)1U;
3743 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
3744 }
3745 uint64_t(*uu____3)[5U] = s->st;
3746 uint8_t uu____4[1U][200U];
3747 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
3748 libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4);
3749 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3750 }
3751
3752 /**
3753 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
3754 with const generics
3755 - RATE= 104
3756 */
libcrux_sha3_portable_keccak_store_block_583(uint64_t (* s)[5U],Eurydice_slice out[1U])3757 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583(
3758 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
3759 for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
3760 size_t i0 = i;
3761 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
3762 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
3763 uint8_t ret[8U];
3764 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
3765 Eurydice_slice_copy(
3766 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
3767 }
3768 }
3769
3770 /**
3771 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
3772 with const generics
3773 - RATE= 104
3774 */
libcrux_sha3_portable_keccak_store_block_full_2d2(uint64_t (* s)[5U],uint8_t ret[1U][200U])3775 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2(
3776 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
3777 uint8_t out[200U] = {0U};
3778 Eurydice_slice buf[1U] = {
3779 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
3780 libcrux_sha3_portable_keccak_store_block_583(s, buf);
3781 /* Passing arrays by value in Rust generates a copy in C */
3782 uint8_t copy_of_out[200U];
3783 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
3784 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
3785 }
3786
3787 /**
3788 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3789 usize> for u64)}
3790 */
3791 /**
3792 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
3793 with const generics
3794 - RATE= 104
3795 */
3796 static KRML_MUSTINLINE void
libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (* a)[5U],uint8_t ret[1U][200U])3797 libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U],
3798 uint8_t ret[1U][200U]) {
3799 libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret);
3800 }
3801
3802 /**
3803 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
3804 with types uint64_t
3805 with const generics
3806 - N= 1
3807 - RATE= 104
3808 */
3809 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3810 libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(
3811 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3812 uint8_t b[1U][200U];
3813 libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b);
3814 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3815 size_t i0 = i;
3816 Eurydice_slice uu____0 = out[i0];
3817 uint8_t *uu____1 = b[i0];
3818 core_ops_range_Range_b3 lit;
3819 lit.start = (size_t)0U;
3820 lit.end = Eurydice_slice_len(out[i0], uint8_t);
3821 Eurydice_slice_copy(
3822 uu____0,
3823 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
3824 core_ops_range_Range_b3),
3825 uint8_t);
3826 }
3827 }
3828
3829 /**
3830 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3831 usize> for u64)}
3832 */
3833 /**
3834 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
3835 with const generics
3836 - RATE= 104
3837 */
libcrux_sha3_portable_keccak_store_block_5a_593(uint64_t (* a)[5U],Eurydice_slice b[1U])3838 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593(
3839 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3840 libcrux_sha3_portable_keccak_store_block_583(a, b);
3841 }
3842
3843 /**
3844 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
3845 with types uint64_t
3846 with const generics
3847 - N= 1
3848 - RATE= 104
3849 */
libcrux_sha3_generic_keccak_squeeze_first_block_843(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3850 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843(
3851 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3852 libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out);
3853 }
3854
3855 /**
3856 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
3857 with types uint64_t
3858 with const generics
3859 - N= 1
3860 - RATE= 104
3861 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc3(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3862 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3(
3863 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3864 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3865 libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out);
3866 }
3867
3868 /**
3869 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
3870 with types uint64_t
3871 with const generics
3872 - N= 1
3873 - RATE= 104
3874 */
libcrux_sha3_generic_keccak_squeeze_last_cf2(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])3875 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2(
3876 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
3877 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
3878 uint8_t b[1U][200U];
3879 libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b);
3880 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3881 size_t i0 = i;
3882 Eurydice_slice uu____0 = out[i0];
3883 uint8_t *uu____1 = b[i0];
3884 core_ops_range_Range_b3 lit;
3885 lit.start = (size_t)0U;
3886 lit.end = Eurydice_slice_len(out[i0], uint8_t);
3887 Eurydice_slice_copy(
3888 uu____0,
3889 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
3890 core_ops_range_Range_b3),
3891 uint8_t);
3892 }
3893 }
3894
3895 /**
3896 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
3897 with types uint64_t
3898 with const generics
3899 - N= 1
3900 - RATE= 104
3901 - DELIM= 6
3902 */
libcrux_sha3_generic_keccak_keccak_e93(Eurydice_slice data[1U],Eurydice_slice out[1U])3903 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93(
3904 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3905 libcrux_sha3_generic_keccak_KeccakState_48 s =
3906 libcrux_sha3_generic_keccak_new_1e_f4();
3907 for (size_t i = (size_t)0U;
3908 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) {
3909 size_t i0 = i;
3910 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
3911 /* Passing arrays by value in Rust generates a copy in C */
3912 Eurydice_slice copy_of_data[1U];
3913 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3914 Eurydice_slice ret[1U];
3915 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U,
3916 (size_t)104U, ret);
3917 libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret);
3918 }
3919 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U;
3920 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
3921 /* Passing arrays by value in Rust generates a copy in C */
3922 Eurydice_slice copy_of_data[1U];
3923 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3924 Eurydice_slice ret[1U];
3925 libcrux_sha3_portable_keccak_slice_n_5a(
3926 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
3927 libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret);
3928 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
3929 size_t blocks = outlen / (size_t)104U;
3930 size_t last = outlen - outlen % (size_t)104U;
3931 if (blocks == (size_t)0U) {
3932 libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out);
3933 } else {
3934 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
3935 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U);
3936 Eurydice_slice o0[1U];
3937 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
3938 Eurydice_slice o1[1U];
3939 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
3940 libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0);
3941 core_ops_range_Range_b3 iter =
3942 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
3943 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
3944 .end = blocks}),
3945 core_ops_range_Range_b3, core_ops_range_Range_b3);
3946 while (true) {
3947 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
3948 &iter, size_t, Option_b3)
3949 .tag == None) {
3950 break;
3951 } else {
3952 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
3953 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U);
3954 Eurydice_slice o[1U];
3955 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
3956 Eurydice_slice orest[1U];
3957 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
3958 libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o);
3959 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
3960 }
3961 }
3962 if (last < outlen) {
3963 libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1);
3964 }
3965 }
3966 }
3967
3968 /**
3969 A monomorphic instance of libcrux_sha3.portable.keccakx1
3970 with const generics
3971 - RATE= 104
3972 - DELIM= 6
3973 */
libcrux_sha3_portable_keccakx1_ce3(Eurydice_slice data[1U],Eurydice_slice out[1U])3974 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3(
3975 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3976 /* Passing arrays by value in Rust generates a copy in C */
3977 Eurydice_slice copy_of_data[1U];
3978 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3979 libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out);
3980 }
3981
3982 /**
3983 A portable SHA3 384 implementation.
3984 */
libcrux_sha3_portable_sha384(Eurydice_slice digest,Eurydice_slice data)3985 static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest,
3986 Eurydice_slice data) {
3987 Eurydice_slice buf0[1U] = {data};
3988 Eurydice_slice buf[1U] = {digest};
3989 libcrux_sha3_portable_keccakx1_ce3(buf0, buf);
3990 }
3991
3992 /**
3993 SHA3 224
3994
3995 Preconditions:
3996 - `digest.len() == 28`
3997 */
libcrux_sha3_sha224_ema(Eurydice_slice digest,Eurydice_slice payload)3998 static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest,
3999 Eurydice_slice payload) {
4000 libcrux_sha3_portable_sha224(digest, payload);
4001 }
4002
4003 /**
4004 SHA3 224
4005 */
libcrux_sha3_sha224(Eurydice_slice data,uint8_t ret[28U])4006 static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data,
4007 uint8_t ret[28U]) {
4008 uint8_t out[28U] = {0U};
4009 libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t),
4010 data);
4011 memcpy(ret, out, (size_t)28U * sizeof(uint8_t));
4012 }
4013
4014 /**
4015 SHA3 256
4016 */
libcrux_sha3_sha256_ema(Eurydice_slice digest,Eurydice_slice payload)4017 static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest,
4018 Eurydice_slice payload) {
4019 libcrux_sha3_portable_sha256(digest, payload);
4020 }
4021
4022 /**
4023 SHA3 256
4024 */
libcrux_sha3_sha256(Eurydice_slice data,uint8_t ret[32U])4025 static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data,
4026 uint8_t ret[32U]) {
4027 uint8_t out[32U] = {0U};
4028 libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
4029 data);
4030 memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
4031 }
4032
4033 /**
4034 SHA3 384
4035 */
libcrux_sha3_sha384_ema(Eurydice_slice digest,Eurydice_slice payload)4036 static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest,
4037 Eurydice_slice payload) {
4038 libcrux_sha3_portable_sha384(digest, payload);
4039 }
4040
4041 /**
4042 SHA3 384
4043 */
libcrux_sha3_sha384(Eurydice_slice data,uint8_t ret[48U])4044 static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data,
4045 uint8_t ret[48U]) {
4046 uint8_t out[48U] = {0U};
4047 libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t),
4048 data);
4049 memcpy(ret, out, (size_t)48U * sizeof(uint8_t));
4050 }
4051
4052 /**
4053 SHA3 512
4054 */
libcrux_sha3_sha512_ema(Eurydice_slice digest,Eurydice_slice payload)4055 static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest,
4056 Eurydice_slice payload) {
4057 libcrux_sha3_portable_sha512(digest, payload);
4058 }
4059
4060 /**
4061 SHA3 512
4062 */
libcrux_sha3_sha512(Eurydice_slice data,uint8_t ret[64U])4063 static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data,
4064 uint8_t ret[64U]) {
4065 uint8_t out[64U] = {0U};
4066 libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t),
4067 data);
4068 memcpy(ret, out, (size_t)64U * sizeof(uint8_t));
4069 }
4070
4071 /**
4072 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
4073 usize> for u64)}
4074 */
4075 /**
4076 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
4077 with const generics
4078 - RATE= 168
4079 */
libcrux_sha3_portable_keccak_load_block_5a_b83(uint64_t (* a)[5U],Eurydice_slice b[1U])4080 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83(
4081 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
4082 uint64_t(*uu____0)[5U] = a;
4083 /* Passing arrays by value in Rust generates a copy in C */
4084 Eurydice_slice copy_of_b[1U];
4085 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
4086 libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b);
4087 }
4088
4089 /**
4090 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
4091 with types uint64_t
4092 with const generics
4093 - N= 1
4094 - RATE= 168
4095 */
libcrux_sha3_generic_keccak_absorb_block_df3(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])4096 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3(
4097 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
4098 uint64_t(*uu____0)[5U] = s->st;
4099 Eurydice_slice uu____1[1U];
4100 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
4101 libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1);
4102 libcrux_sha3_generic_keccak_keccakf1600_21(s);
4103 }
4104
4105 /**
4106 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
4107 with const generics
4108 - RATE= 168
4109 */
libcrux_sha3_portable_keccak_store_block_full_2d3(uint64_t (* s)[5U],uint8_t ret[1U][200U])4110 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3(
4111 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
4112 uint8_t out[200U] = {0U};
4113 Eurydice_slice buf[1U] = {
4114 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
4115 libcrux_sha3_portable_keccak_store_block_581(s, buf);
4116 /* Passing arrays by value in Rust generates a copy in C */
4117 uint8_t copy_of_out[200U];
4118 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
4119 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
4120 }
4121
4122 /**
4123 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
4124 usize> for u64)}
4125 */
4126 /**
4127 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
4128 with const generics
4129 - RATE= 168
4130 */
4131 static KRML_MUSTINLINE void
libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (* a)[5U],uint8_t ret[1U][200U])4132 libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U],
4133 uint8_t ret[1U][200U]) {
4134 libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret);
4135 }
4136
4137 /**
4138 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
4139 with types uint64_t
4140 with const generics
4141 - N= 1
4142 - RATE= 168
4143 */
4144 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])4145 libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(
4146 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
4147 uint8_t b[1U][200U];
4148 libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b);
4149 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4150 size_t i0 = i;
4151 Eurydice_slice uu____0 = out[i0];
4152 uint8_t *uu____1 = b[i0];
4153 core_ops_range_Range_b3 lit;
4154 lit.start = (size_t)0U;
4155 lit.end = Eurydice_slice_len(out[i0], uint8_t);
4156 Eurydice_slice_copy(
4157 uu____0,
4158 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
4159 core_ops_range_Range_b3),
4160 uint8_t);
4161 }
4162 }
4163
4164 /**
4165 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
4166 with types uint64_t
4167 with const generics
4168 - N= 1
4169 - RATE= 168
4170 */
libcrux_sha3_generic_keccak_squeeze_last_cf3(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])4171 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3(
4172 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
4173 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
4174 uint8_t b[1U][200U];
4175 libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b);
4176 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4177 size_t i0 = i;
4178 Eurydice_slice uu____0 = out[i0];
4179 uint8_t *uu____1 = b[i0];
4180 core_ops_range_Range_b3 lit;
4181 lit.start = (size_t)0U;
4182 lit.end = Eurydice_slice_len(out[i0], uint8_t);
4183 Eurydice_slice_copy(
4184 uu____0,
4185 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
4186 core_ops_range_Range_b3),
4187 uint8_t);
4188 }
4189 }
4190
4191 /**
4192 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
4193 with types uint64_t
4194 with const generics
4195 - N= 1
4196 - RATE= 168
4197 - DELIM= 31
4198 */
libcrux_sha3_generic_keccak_keccak_e94(Eurydice_slice data[1U],Eurydice_slice out[1U])4199 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94(
4200 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
4201 libcrux_sha3_generic_keccak_KeccakState_48 s =
4202 libcrux_sha3_generic_keccak_new_1e_f4();
4203 for (size_t i = (size_t)0U;
4204 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) {
4205 size_t i0 = i;
4206 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
4207 /* Passing arrays by value in Rust generates a copy in C */
4208 Eurydice_slice copy_of_data[1U];
4209 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
4210 Eurydice_slice ret[1U];
4211 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U,
4212 (size_t)168U, ret);
4213 libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret);
4214 }
4215 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U;
4216 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
4217 /* Passing arrays by value in Rust generates a copy in C */
4218 Eurydice_slice copy_of_data[1U];
4219 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
4220 Eurydice_slice ret[1U];
4221 libcrux_sha3_portable_keccak_slice_n_5a(
4222 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
4223 libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret);
4224 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
4225 size_t blocks = outlen / (size_t)168U;
4226 size_t last = outlen - outlen % (size_t)168U;
4227 if (blocks == (size_t)0U) {
4228 libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out);
4229 } else {
4230 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
4231 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
4232 Eurydice_slice o0[1U];
4233 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
4234 Eurydice_slice o1[1U];
4235 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
4236 libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0);
4237 core_ops_range_Range_b3 iter =
4238 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
4239 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
4240 .end = blocks}),
4241 core_ops_range_Range_b3, core_ops_range_Range_b3);
4242 while (true) {
4243 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
4244 &iter, size_t, Option_b3)
4245 .tag == None) {
4246 break;
4247 } else {
4248 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
4249 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U);
4250 Eurydice_slice o[1U];
4251 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
4252 Eurydice_slice orest[1U];
4253 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
4254 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o);
4255 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
4256 }
4257 }
4258 if (last < outlen) {
4259 libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1);
4260 }
4261 }
4262 }
4263
4264 /**
4265 A monomorphic instance of libcrux_sha3.portable.keccakx1
4266 with const generics
4267 - RATE= 168
4268 - DELIM= 31
4269 */
libcrux_sha3_portable_keccakx1_ce4(Eurydice_slice data[1U],Eurydice_slice out[1U])4270 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4(
4271 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
4272 /* Passing arrays by value in Rust generates a copy in C */
4273 Eurydice_slice copy_of_data[1U];
4274 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
4275 libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out);
4276 }
4277
4278 /**
4279 A portable SHAKE128 implementation.
4280 */
libcrux_sha3_portable_shake128(Eurydice_slice digest,Eurydice_slice data)4281 static KRML_MUSTINLINE void libcrux_sha3_portable_shake128(
4282 Eurydice_slice digest, Eurydice_slice data) {
4283 Eurydice_slice buf0[1U] = {data};
4284 Eurydice_slice buf[1U] = {digest};
4285 libcrux_sha3_portable_keccakx1_ce4(buf0, buf);
4286 }
4287
4288 /**
4289 SHAKE 128
4290
4291 Writes `out.len()` bytes.
4292 */
libcrux_sha3_shake128_ema(Eurydice_slice out,Eurydice_slice data)4293 static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out,
4294 Eurydice_slice data) {
4295 libcrux_sha3_portable_shake128(out, data);
4296 }
4297
4298 /**
4299 SHAKE 256
4300
4301 Writes `out.len()` bytes.
4302 */
libcrux_sha3_shake256_ema(Eurydice_slice out,Eurydice_slice data)4303 static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out,
4304 Eurydice_slice data) {
4305 libcrux_sha3_portable_shake256(out, data);
4306 }
4307
4308 static const size_t libcrux_sha3_generic_keccak__PI[24U] = {
4309 (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U,
4310 (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U,
4311 (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U,
4312 (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U,
4313 (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U};
4314
4315 static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = {
4316 (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U,
4317 (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U,
4318 (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U,
4319 (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U,
4320 (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U};
4321
4322 /**
4323 A portable SHA3 224 implementation.
4324 */
libcrux_sha3_neon_sha224(Eurydice_slice digest,Eurydice_slice data)4325 static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest,
4326 Eurydice_slice data) {
4327 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4328 "panic!");
4329 KRML_HOST_EXIT(255U);
4330 }
4331
4332 /**
4333 A portable SHA3 256 implementation.
4334 */
libcrux_sha3_neon_sha256(Eurydice_slice digest,Eurydice_slice data)4335 static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest,
4336 Eurydice_slice data) {
4337 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4338 "panic!");
4339 KRML_HOST_EXIT(255U);
4340 }
4341
4342 /**
4343 A portable SHA3 384 implementation.
4344 */
libcrux_sha3_neon_sha384(Eurydice_slice digest,Eurydice_slice data)4345 static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest,
4346 Eurydice_slice data) {
4347 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4348 "panic!");
4349 KRML_HOST_EXIT(255U);
4350 }
4351
4352 /**
4353 A portable SHA3 512 implementation.
4354 */
libcrux_sha3_neon_sha512(Eurydice_slice digest,Eurydice_slice data)4355 static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest,
4356 Eurydice_slice data) {
4357 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4358 "panic!");
4359 KRML_HOST_EXIT(255U);
4360 }
4361
4362 /**
4363 Run SHAKE256 on both inputs in parallel.
4364
4365 Writes the two results into `out0` and `out1`
4366 */
libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,Eurydice_slice input1,Eurydice_slice out0,Eurydice_slice out1)4367 static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
4368 Eurydice_slice input1,
4369 Eurydice_slice out0,
4370 Eurydice_slice out1) {
4371 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4372 "panic!");
4373 KRML_HOST_EXIT(255U);
4374 }
4375
4376 typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
4377 libcrux_sha3_generic_keccak_KeccakState_48 state[2U];
4378 } libcrux_sha3_neon_x2_incremental_KeccakState;
4379
4380 /**
4381 Initialise the `KeccakState2`.
4382 */
4383 static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
libcrux_sha3_neon_x2_incremental_shake128_init(void)4384 libcrux_sha3_neon_x2_incremental_shake128_init(void) {
4385 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4386 "panic!");
4387 KRML_HOST_EXIT(255U);
4388 }
4389
4390 /**
4391 Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`.
4392 */
4393 static KRML_MUSTINLINE void
libcrux_sha3_neon_x2_incremental_shake128_absorb_final(libcrux_sha3_neon_x2_incremental_KeccakState * s,Eurydice_slice data0,Eurydice_slice data1)4394 libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
4395 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
4396 Eurydice_slice data1) {
4397 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4398 "panic!");
4399 KRML_HOST_EXIT(255U);
4400 }
4401
4402 /**
4403 Squeeze 2 times the first three blocks in parallel in the
4404 [`KeccakState`] and return the output in `out0` and `out1`.
4405 */
4406 static KRML_MUSTINLINE void
libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(libcrux_sha3_neon_x2_incremental_KeccakState * s,Eurydice_slice out0,Eurydice_slice out1)4407 libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
4408 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
4409 Eurydice_slice out1) {
4410 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4411 "panic!");
4412 KRML_HOST_EXIT(255U);
4413 }
4414
4415 /**
4416 Squeeze 2 times the next block in parallel in the
4417 [`KeccakState`] and return the output in `out0` and `out1`.
4418 */
4419 static KRML_MUSTINLINE void
libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(libcrux_sha3_neon_x2_incremental_KeccakState * s,Eurydice_slice out0,Eurydice_slice out1)4420 libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
4421 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
4422 Eurydice_slice out1) {
4423 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4424 "panic!");
4425 KRML_HOST_EXIT(255U);
4426 }
4427
4428 /**
4429 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks
4430 with types uint64_t
4431 with const generics
4432 - N= 1
4433 - RATE= 168
4434 */
4435 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])4436 libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(
4437 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
4438 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
4439 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
4440 Eurydice_slice o0[1U];
4441 memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
4442 Eurydice_slice o10[1U];
4443 memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
4444 libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0);
4445 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
4446 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
4447 Eurydice_slice o1[1U];
4448 memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
4449 Eurydice_slice o20[1U];
4450 memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
4451 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1);
4452 Eurydice_slice_uint8_t_1size_t__x2 uu____2 =
4453 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U);
4454 Eurydice_slice o2[1U];
4455 memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice));
4456 Eurydice_slice o30[1U];
4457 memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice));
4458 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2);
4459 Eurydice_slice_uint8_t_1size_t__x2 uu____3 =
4460 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U);
4461 Eurydice_slice o3[1U];
4462 memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice));
4463 Eurydice_slice o4[1U];
4464 memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice));
4465 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o3);
4466 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o4);
4467 }
4468
4469 /**
4470 Squeeze five blocks
4471 */
4472 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out0)4473 libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
4474 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
4475 Eurydice_slice buf[1U] = {out0};
4476 libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf);
4477 }
4478
4479 /**
4480 Absorb some data for SHAKE-256 for the last time
4481 */
4482 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_absorb_final(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice data)4483 libcrux_sha3_portable_incremental_shake256_absorb_final(
4484 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) {
4485 Eurydice_slice buf[1U] = {data};
4486 libcrux_sha3_generic_keccak_absorb_final_c71(s, buf);
4487 }
4488
4489 /**
4490 Create a new SHAKE-256 state object.
4491 */
4492 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
libcrux_sha3_portable_incremental_shake256_init(void)4493 libcrux_sha3_portable_incremental_shake256_init(void) {
4494 return libcrux_sha3_generic_keccak_new_1e_f4();
4495 }
4496
4497 /**
4498 Squeeze the first SHAKE-256 block
4499 */
4500 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_squeeze_first_block(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out)4501 libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
4502 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
4503 Eurydice_slice buf[1U] = {out};
4504 libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf);
4505 }
4506
4507 /**
4508 Squeeze the next SHAKE-256 block
4509 */
4510 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_squeeze_next_block(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out)4511 libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
4512 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
4513 Eurydice_slice buf[1U] = {out};
4514 libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf);
4515 }
4516
4517 /**
4518 A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState
4519 with types uint64_t
4520 with const generics
4521 - $1size_t
4522 - $136size_t
4523 */
4524 typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s {
4525 libcrux_sha3_generic_keccak_KeccakState_48 inner;
4526 uint8_t buf[1U][136U];
4527 size_t buf_len;
4528 bool sponge;
4529 } libcrux_sha3_generic_keccak_KeccakXofState_4f;
4530
4531 typedef libcrux_sha3_generic_keccak_KeccakXofState_4f
4532 libcrux_sha3_portable_incremental_Shake256Absorb;
4533
4534 /**
4535 Consume the internal buffer and the required amount of the input to pad to
4536 `RATE`.
4537
4538 Returns the `consumed` bytes from `inputs` if there's enough buffered
4539 content to consume, and `0` otherwise.
4540 If `consumed > 0` is returned, `self.buf` contains a full block to be
4541 loaded.
4542 */
4543 /**
4544 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4545 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4546 */
4547 /**
4548 A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d
4549 with types uint64_t
4550 with const generics
4551 - PARALLEL_LANES= 1
4552 - RATE= 136
4553 */
libcrux_sha3_generic_keccak_fill_buffer_9d_b0(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice inputs[1U])4554 static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0(
4555 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
4556 Eurydice_slice inputs[1U]) {
4557 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
4558 size_t consumed = (size_t)0U;
4559 if (self->buf_len > (size_t)0U) {
4560 if (self->buf_len + input_len >= (size_t)136U) {
4561 consumed = (size_t)136U - self->buf_len;
4562 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4563 size_t i0 = i;
4564 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
4565 (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t);
4566 Eurydice_slice_copy(
4567 uu____0,
4568 Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t),
4569 uint8_t);
4570 }
4571 self->buf_len = self->buf_len + consumed;
4572 }
4573 }
4574 return consumed;
4575 }
4576
4577 /**
4578 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4579 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4580 */
4581 /**
4582 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d
4583 with types uint64_t
4584 with const generics
4585 - PARALLEL_LANES= 1
4586 - RATE= 136
4587 */
libcrux_sha3_generic_keccak_absorb_full_9d_f8(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice inputs[1U])4588 static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8(
4589 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
4590 Eurydice_slice inputs[1U]) {
4591 libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
4592 /* Passing arrays by value in Rust generates a copy in C */
4593 Eurydice_slice copy_of_inputs0[1U];
4594 memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
4595 size_t input_consumed =
4596 libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0);
4597 if (input_consumed > (size_t)0U) {
4598 Eurydice_slice borrowed[1U];
4599 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4600 uint8_t buf[136U] = {0U};
4601 borrowed[i] = core_array___Array_T__N__23__as_slice(
4602 (size_t)136U, buf, uint8_t, Eurydice_slice);
4603 }
4604 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4605 size_t i0 = i;
4606 borrowed[i0] =
4607 Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t);
4608 }
4609 uint64_t(*uu____2)[5U] = self->inner.st;
4610 Eurydice_slice uu____3[1U];
4611 memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
4612 libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3);
4613 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
4614 self->buf_len = (size_t)0U;
4615 }
4616 size_t input_to_consume =
4617 Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
4618 size_t num_blocks = input_to_consume / (size_t)136U;
4619 size_t remainder = input_to_consume % (size_t)136U;
4620 for (size_t i = (size_t)0U; i < num_blocks; i++) {
4621 size_t i0 = i;
4622 uint64_t(*uu____4)[5U] = self->inner.st;
4623 /* Passing arrays by value in Rust generates a copy in C */
4624 Eurydice_slice copy_of_inputs[1U];
4625 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
4626 Eurydice_slice ret[1U];
4627 libcrux_sha3_portable_keccak_slice_n_5a(
4628 copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret);
4629 libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret);
4630 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
4631 }
4632 return remainder;
4633 }
4634
4635 /**
4636 Absorb
4637
4638 This function takes any number of bytes to absorb and buffers if it's not
4639 enough. The function assumes that all input slices in `blocks` have the same
4640 length.
4641
4642 Only a multiple of `RATE` blocks are absorbed.
4643 For the remaining bytes [`absorb_final`] needs to be called.
4644
4645 This works best with relatively small `inputs`.
4646 */
4647 /**
4648 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4649 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4650 */
4651 /**
4652 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d
4653 with types uint64_t
4654 with const generics
4655 - PARALLEL_LANES= 1
4656 - RATE= 136
4657 */
libcrux_sha3_generic_keccak_absorb_9d_7b(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice inputs[1U])4658 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b(
4659 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
4660 Eurydice_slice inputs[1U]) {
4661 libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
4662 /* Passing arrays by value in Rust generates a copy in C */
4663 Eurydice_slice copy_of_inputs[1U];
4664 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
4665 size_t input_remainder_len =
4666 libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs);
4667 if (input_remainder_len > (size_t)0U) {
4668 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
4669 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4670 size_t i0 = i;
4671 Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
4672 self->buf[i0], self->buf_len, self->buf_len + input_remainder_len,
4673 uint8_t);
4674 Eurydice_slice_copy(
4675 uu____2,
4676 Eurydice_slice_subslice_from(
4677 inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
4678 uint8_t);
4679 }
4680 self->buf_len = self->buf_len + input_remainder_len;
4681 }
4682 }
4683
4684 /**
4685 Shake256 absorb
4686 */
4687 /**
4688 This function found in impl
4689 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
4690 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
4691 */
libcrux_sha3_portable_incremental_absorb_7d(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice input)4692 static inline void libcrux_sha3_portable_incremental_absorb_7d(
4693 libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) {
4694 Eurydice_slice buf[1U] = {input};
4695 libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf);
4696 }
4697
4698 typedef libcrux_sha3_generic_keccak_KeccakXofState_4f
4699 libcrux_sha3_portable_incremental_Shake256Squeeze;
4700
4701 /**
4702 Absorb a final block.
4703
4704 The `inputs` block may be empty. Everything in the `inputs` block beyond
4705 `RATE` bytes is ignored.
4706 */
4707 /**
4708 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4709 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4710 */
4711 /**
4712 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d
4713 with types uint64_t
4714 with const generics
4715 - PARALLEL_LANES= 1
4716 - RATE= 136
4717 - DELIMITER= 31
4718 */
libcrux_sha3_generic_keccak_absorb_final_9d_25(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice inputs[1U])4719 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25(
4720 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
4721 Eurydice_slice inputs[1U]) {
4722 libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
4723 /* Passing arrays by value in Rust generates a copy in C */
4724 Eurydice_slice copy_of_inputs[1U];
4725 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
4726 size_t input_remainder_len =
4727 libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs);
4728 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
4729 uint8_t blocks[1U][200U] = {{0U}};
4730 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4731 size_t i0 = i;
4732 if (self->buf_len > (size_t)0U) {
4733 Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
4734 blocks[i0], (size_t)0U, self->buf_len, uint8_t);
4735 Eurydice_slice_copy(uu____2,
4736 Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U,
4737 self->buf_len, uint8_t),
4738 uint8_t);
4739 }
4740 if (input_remainder_len > (size_t)0U) {
4741 Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
4742 blocks[i0], self->buf_len, self->buf_len + input_remainder_len,
4743 uint8_t);
4744 Eurydice_slice_copy(
4745 uu____3,
4746 Eurydice_slice_subslice_from(
4747 inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
4748 uint8_t);
4749 }
4750 blocks[i0][self->buf_len + input_remainder_len] = 31U;
4751 size_t uu____4 = i0;
4752 size_t uu____5 = (size_t)136U - (size_t)1U;
4753 blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U;
4754 }
4755 uint64_t(*uu____6)[5U] = self->inner.st;
4756 uint8_t uu____7[1U][200U];
4757 memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
4758 libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7);
4759 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
4760 }
4761
4762 /**
4763 Shake256 absorb final
4764 */
4765 /**
4766 This function found in impl
4767 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
4768 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
4769 */
4770 static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
libcrux_sha3_portable_incremental_absorb_final_7d(libcrux_sha3_generic_keccak_KeccakXofState_4f self,Eurydice_slice input)4771 libcrux_sha3_portable_incremental_absorb_final_7d(
4772 libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) {
4773 Eurydice_slice buf[1U] = {input};
4774 libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf);
4775 return self;
4776 }
4777
4778 /**
4779 An all zero block
4780 */
4781 /**
4782 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4783 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4784 */
4785 /**
4786 A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d
4787 with types uint64_t
4788 with const generics
4789 - PARALLEL_LANES= 1
4790 - RATE= 136
4791 */
libcrux_sha3_generic_keccak_zero_block_9d_e6(uint8_t ret[136U])4792 static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6(
4793 uint8_t ret[136U]) {
4794 ret[0U] = 0U;
4795 ret[1U] = 0U;
4796 ret[2U] = 0U;
4797 ret[3U] = 0U;
4798 ret[4U] = 0U;
4799 ret[5U] = 0U;
4800 ret[6U] = 0U;
4801 ret[7U] = 0U;
4802 ret[8U] = 0U;
4803 ret[9U] = 0U;
4804 ret[10U] = 0U;
4805 ret[11U] = 0U;
4806 ret[12U] = 0U;
4807 ret[13U] = 0U;
4808 ret[14U] = 0U;
4809 ret[15U] = 0U;
4810 ret[16U] = 0U;
4811 ret[17U] = 0U;
4812 ret[18U] = 0U;
4813 ret[19U] = 0U;
4814 ret[20U] = 0U;
4815 ret[21U] = 0U;
4816 ret[22U] = 0U;
4817 ret[23U] = 0U;
4818 ret[24U] = 0U;
4819 ret[25U] = 0U;
4820 ret[26U] = 0U;
4821 ret[27U] = 0U;
4822 ret[28U] = 0U;
4823 ret[29U] = 0U;
4824 ret[30U] = 0U;
4825 ret[31U] = 0U;
4826 ret[32U] = 0U;
4827 ret[33U] = 0U;
4828 ret[34U] = 0U;
4829 ret[35U] = 0U;
4830 ret[36U] = 0U;
4831 ret[37U] = 0U;
4832 ret[38U] = 0U;
4833 ret[39U] = 0U;
4834 ret[40U] = 0U;
4835 ret[41U] = 0U;
4836 ret[42U] = 0U;
4837 ret[43U] = 0U;
4838 ret[44U] = 0U;
4839 ret[45U] = 0U;
4840 ret[46U] = 0U;
4841 ret[47U] = 0U;
4842 ret[48U] = 0U;
4843 ret[49U] = 0U;
4844 ret[50U] = 0U;
4845 ret[51U] = 0U;
4846 ret[52U] = 0U;
4847 ret[53U] = 0U;
4848 ret[54U] = 0U;
4849 ret[55U] = 0U;
4850 ret[56U] = 0U;
4851 ret[57U] = 0U;
4852 ret[58U] = 0U;
4853 ret[59U] = 0U;
4854 ret[60U] = 0U;
4855 ret[61U] = 0U;
4856 ret[62U] = 0U;
4857 ret[63U] = 0U;
4858 ret[64U] = 0U;
4859 ret[65U] = 0U;
4860 ret[66U] = 0U;
4861 ret[67U] = 0U;
4862 ret[68U] = 0U;
4863 ret[69U] = 0U;
4864 ret[70U] = 0U;
4865 ret[71U] = 0U;
4866 ret[72U] = 0U;
4867 ret[73U] = 0U;
4868 ret[74U] = 0U;
4869 ret[75U] = 0U;
4870 ret[76U] = 0U;
4871 ret[77U] = 0U;
4872 ret[78U] = 0U;
4873 ret[79U] = 0U;
4874 ret[80U] = 0U;
4875 ret[81U] = 0U;
4876 ret[82U] = 0U;
4877 ret[83U] = 0U;
4878 ret[84U] = 0U;
4879 ret[85U] = 0U;
4880 ret[86U] = 0U;
4881 ret[87U] = 0U;
4882 ret[88U] = 0U;
4883 ret[89U] = 0U;
4884 ret[90U] = 0U;
4885 ret[91U] = 0U;
4886 ret[92U] = 0U;
4887 ret[93U] = 0U;
4888 ret[94U] = 0U;
4889 ret[95U] = 0U;
4890 ret[96U] = 0U;
4891 ret[97U] = 0U;
4892 ret[98U] = 0U;
4893 ret[99U] = 0U;
4894 ret[100U] = 0U;
4895 ret[101U] = 0U;
4896 ret[102U] = 0U;
4897 ret[103U] = 0U;
4898 ret[104U] = 0U;
4899 ret[105U] = 0U;
4900 ret[106U] = 0U;
4901 ret[107U] = 0U;
4902 ret[108U] = 0U;
4903 ret[109U] = 0U;
4904 ret[110U] = 0U;
4905 ret[111U] = 0U;
4906 ret[112U] = 0U;
4907 ret[113U] = 0U;
4908 ret[114U] = 0U;
4909 ret[115U] = 0U;
4910 ret[116U] = 0U;
4911 ret[117U] = 0U;
4912 ret[118U] = 0U;
4913 ret[119U] = 0U;
4914 ret[120U] = 0U;
4915 ret[121U] = 0U;
4916 ret[122U] = 0U;
4917 ret[123U] = 0U;
4918 ret[124U] = 0U;
4919 ret[125U] = 0U;
4920 ret[126U] = 0U;
4921 ret[127U] = 0U;
4922 ret[128U] = 0U;
4923 ret[129U] = 0U;
4924 ret[130U] = 0U;
4925 ret[131U] = 0U;
4926 ret[132U] = 0U;
4927 ret[133U] = 0U;
4928 ret[134U] = 0U;
4929 ret[135U] = 0U;
4930 }
4931
4932 /**
4933 Generate a new keccak xof state.
4934 */
4935 /**
4936 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4937 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4938 */
4939 /**
4940 A monomorphic instance of libcrux_sha3.generic_keccak.new_9d
4941 with types uint64_t
4942 with const generics
4943 - PARALLEL_LANES= 1
4944 - RATE= 136
4945 */
4946 static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
libcrux_sha3_generic_keccak_new_9d_7e(void)4947 libcrux_sha3_generic_keccak_new_9d_7e(void) {
4948 libcrux_sha3_generic_keccak_KeccakXofState_4f lit;
4949 lit.inner = libcrux_sha3_generic_keccak_new_1e_f4();
4950 uint8_t ret[136U];
4951 libcrux_sha3_generic_keccak_zero_block_9d_e6(ret);
4952 memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t));
4953 lit.buf_len = (size_t)0U;
4954 lit.sponge = false;
4955 return lit;
4956 }
4957
4958 /**
4959 Shake256 new state
4960 */
4961 /**
4962 This function found in impl
4963 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
4964 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
4965 */
4966 static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
libcrux_sha3_portable_incremental_new_7d(void)4967 libcrux_sha3_portable_incremental_new_7d(void) {
4968 return libcrux_sha3_generic_keccak_new_9d_7e();
4969 }
4970
4971 /**
4972 A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState
4973 with types uint64_t
4974 with const generics
4975 - $1size_t
4976 - $168size_t
4977 */
4978 typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s {
4979 libcrux_sha3_generic_keccak_KeccakState_48 inner;
4980 uint8_t buf[1U][168U];
4981 size_t buf_len;
4982 bool sponge;
4983 } libcrux_sha3_generic_keccak_KeccakXofState_78;
4984
4985 typedef libcrux_sha3_generic_keccak_KeccakXofState_78
4986 libcrux_sha3_portable_incremental_Shake128Absorb;
4987
4988 /**
4989 Consume the internal buffer and the required amount of the input to pad to
4990 `RATE`.
4991
4992 Returns the `consumed` bytes from `inputs` if there's enough buffered
4993 content to consume, and `0` otherwise.
4994 If `consumed > 0` is returned, `self.buf` contains a full block to be
4995 loaded.
4996 */
4997 /**
4998 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4999 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5000 */
5001 /**
5002 A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d
5003 with types uint64_t
5004 with const generics
5005 - PARALLEL_LANES= 1
5006 - RATE= 168
5007 */
libcrux_sha3_generic_keccak_fill_buffer_9d_b00(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice inputs[1U])5008 static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00(
5009 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5010 Eurydice_slice inputs[1U]) {
5011 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
5012 size_t consumed = (size_t)0U;
5013 if (self->buf_len > (size_t)0U) {
5014 if (self->buf_len + input_len >= (size_t)168U) {
5015 consumed = (size_t)168U - self->buf_len;
5016 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5017 size_t i0 = i;
5018 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
5019 (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t);
5020 Eurydice_slice_copy(
5021 uu____0,
5022 Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t),
5023 uint8_t);
5024 }
5025 self->buf_len = self->buf_len + consumed;
5026 }
5027 }
5028 return consumed;
5029 }
5030
5031 /**
5032 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5033 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5034 */
5035 /**
5036 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d
5037 with types uint64_t
5038 with const generics
5039 - PARALLEL_LANES= 1
5040 - RATE= 168
5041 */
libcrux_sha3_generic_keccak_absorb_full_9d_f80(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice inputs[1U])5042 static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80(
5043 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5044 Eurydice_slice inputs[1U]) {
5045 libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
5046 /* Passing arrays by value in Rust generates a copy in C */
5047 Eurydice_slice copy_of_inputs0[1U];
5048 memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
5049 size_t input_consumed =
5050 libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0);
5051 if (input_consumed > (size_t)0U) {
5052 Eurydice_slice borrowed[1U];
5053 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5054 uint8_t buf[168U] = {0U};
5055 borrowed[i] = core_array___Array_T__N__23__as_slice(
5056 (size_t)168U, buf, uint8_t, Eurydice_slice);
5057 }
5058 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5059 size_t i0 = i;
5060 borrowed[i0] =
5061 Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t);
5062 }
5063 uint64_t(*uu____2)[5U] = self->inner.st;
5064 Eurydice_slice uu____3[1U];
5065 memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
5066 libcrux_sha3_portable_keccak_load_block_5a_b83(uu____2, uu____3);
5067 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5068 self->buf_len = (size_t)0U;
5069 }
5070 size_t input_to_consume =
5071 Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
5072 size_t num_blocks = input_to_consume / (size_t)168U;
5073 size_t remainder = input_to_consume % (size_t)168U;
5074 for (size_t i = (size_t)0U; i < num_blocks; i++) {
5075 size_t i0 = i;
5076 uint64_t(*uu____4)[5U] = self->inner.st;
5077 /* Passing arrays by value in Rust generates a copy in C */
5078 Eurydice_slice copy_of_inputs[1U];
5079 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
5080 Eurydice_slice ret[1U];
5081 libcrux_sha3_portable_keccak_slice_n_5a(
5082 copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret);
5083 libcrux_sha3_portable_keccak_load_block_5a_b83(uu____4, ret);
5084 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5085 }
5086 return remainder;
5087 }
5088
5089 /**
5090 Absorb
5091
5092 This function takes any number of bytes to absorb and buffers if it's not
5093 enough. The function assumes that all input slices in `blocks` have the same
5094 length.
5095
5096 Only a multiple of `RATE` blocks are absorbed.
5097 For the remaining bytes [`absorb_final`] needs to be called.
5098
5099 This works best with relatively small `inputs`.
5100 */
5101 /**
5102 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5103 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5104 */
5105 /**
5106 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d
5107 with types uint64_t
5108 with const generics
5109 - PARALLEL_LANES= 1
5110 - RATE= 168
5111 */
libcrux_sha3_generic_keccak_absorb_9d_7b0(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice inputs[1U])5112 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0(
5113 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5114 Eurydice_slice inputs[1U]) {
5115 libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
5116 /* Passing arrays by value in Rust generates a copy in C */
5117 Eurydice_slice copy_of_inputs[1U];
5118 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
5119 size_t input_remainder_len =
5120 libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs);
5121 if (input_remainder_len > (size_t)0U) {
5122 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
5123 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5124 size_t i0 = i;
5125 Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
5126 self->buf[i0], self->buf_len, self->buf_len + input_remainder_len,
5127 uint8_t);
5128 Eurydice_slice_copy(
5129 uu____2,
5130 Eurydice_slice_subslice_from(
5131 inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
5132 uint8_t);
5133 }
5134 self->buf_len = self->buf_len + input_remainder_len;
5135 }
5136 }
5137
5138 /**
5139 This function found in impl
5140 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
5141 libcrux_sha3::portable::incremental::Shake128Absorb)}
5142 */
libcrux_sha3_portable_incremental_absorb_1c(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice input)5143 static inline void libcrux_sha3_portable_incremental_absorb_1c(
5144 libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) {
5145 Eurydice_slice buf[1U] = {input};
5146 libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf);
5147 }
5148
5149 typedef libcrux_sha3_generic_keccak_KeccakXofState_78
5150 libcrux_sha3_portable_incremental_Shake128Squeeze;
5151
5152 /**
5153 Absorb a final block.
5154
5155 The `inputs` block may be empty. Everything in the `inputs` block beyond
5156 `RATE` bytes is ignored.
5157 */
5158 /**
5159 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5160 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5161 */
5162 /**
5163 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d
5164 with types uint64_t
5165 with const generics
5166 - PARALLEL_LANES= 1
5167 - RATE= 168
5168 - DELIMITER= 31
5169 */
libcrux_sha3_generic_keccak_absorb_final_9d_250(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice inputs[1U])5170 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250(
5171 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5172 Eurydice_slice inputs[1U]) {
5173 libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
5174 /* Passing arrays by value in Rust generates a copy in C */
5175 Eurydice_slice copy_of_inputs[1U];
5176 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
5177 size_t input_remainder_len =
5178 libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs);
5179 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
5180 uint8_t blocks[1U][200U] = {{0U}};
5181 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5182 size_t i0 = i;
5183 if (self->buf_len > (size_t)0U) {
5184 Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
5185 blocks[i0], (size_t)0U, self->buf_len, uint8_t);
5186 Eurydice_slice_copy(uu____2,
5187 Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U,
5188 self->buf_len, uint8_t),
5189 uint8_t);
5190 }
5191 if (input_remainder_len > (size_t)0U) {
5192 Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
5193 blocks[i0], self->buf_len, self->buf_len + input_remainder_len,
5194 uint8_t);
5195 Eurydice_slice_copy(
5196 uu____3,
5197 Eurydice_slice_subslice_from(
5198 inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
5199 uint8_t);
5200 }
5201 blocks[i0][self->buf_len + input_remainder_len] = 31U;
5202 size_t uu____4 = i0;
5203 size_t uu____5 = (size_t)168U - (size_t)1U;
5204 blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U;
5205 }
5206 uint64_t(*uu____6)[5U] = self->inner.st;
5207 uint8_t uu____7[1U][200U];
5208 memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
5209 libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____6, uu____7);
5210 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5211 }
5212
5213 /**
5214 This function found in impl
5215 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
5216 libcrux_sha3::portable::incremental::Shake128Absorb)}
5217 */
5218 static inline libcrux_sha3_generic_keccak_KeccakXofState_78
libcrux_sha3_portable_incremental_absorb_final_1c(libcrux_sha3_generic_keccak_KeccakXofState_78 self,Eurydice_slice input)5219 libcrux_sha3_portable_incremental_absorb_final_1c(
5220 libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) {
5221 Eurydice_slice buf[1U] = {input};
5222 libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf);
5223 return self;
5224 }
5225
5226 /**
5227 An all zero block
5228 */
5229 /**
5230 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5231 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5232 */
5233 /**
5234 A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d
5235 with types uint64_t
5236 with const generics
5237 - PARALLEL_LANES= 1
5238 - RATE= 168
5239 */
libcrux_sha3_generic_keccak_zero_block_9d_e60(uint8_t ret[168U])5240 static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60(
5241 uint8_t ret[168U]) {
5242 ret[0U] = 0U;
5243 ret[1U] = 0U;
5244 ret[2U] = 0U;
5245 ret[3U] = 0U;
5246 ret[4U] = 0U;
5247 ret[5U] = 0U;
5248 ret[6U] = 0U;
5249 ret[7U] = 0U;
5250 ret[8U] = 0U;
5251 ret[9U] = 0U;
5252 ret[10U] = 0U;
5253 ret[11U] = 0U;
5254 ret[12U] = 0U;
5255 ret[13U] = 0U;
5256 ret[14U] = 0U;
5257 ret[15U] = 0U;
5258 ret[16U] = 0U;
5259 ret[17U] = 0U;
5260 ret[18U] = 0U;
5261 ret[19U] = 0U;
5262 ret[20U] = 0U;
5263 ret[21U] = 0U;
5264 ret[22U] = 0U;
5265 ret[23U] = 0U;
5266 ret[24U] = 0U;
5267 ret[25U] = 0U;
5268 ret[26U] = 0U;
5269 ret[27U] = 0U;
5270 ret[28U] = 0U;
5271 ret[29U] = 0U;
5272 ret[30U] = 0U;
5273 ret[31U] = 0U;
5274 ret[32U] = 0U;
5275 ret[33U] = 0U;
5276 ret[34U] = 0U;
5277 ret[35U] = 0U;
5278 ret[36U] = 0U;
5279 ret[37U] = 0U;
5280 ret[38U] = 0U;
5281 ret[39U] = 0U;
5282 ret[40U] = 0U;
5283 ret[41U] = 0U;
5284 ret[42U] = 0U;
5285 ret[43U] = 0U;
5286 ret[44U] = 0U;
5287 ret[45U] = 0U;
5288 ret[46U] = 0U;
5289 ret[47U] = 0U;
5290 ret[48U] = 0U;
5291 ret[49U] = 0U;
5292 ret[50U] = 0U;
5293 ret[51U] = 0U;
5294 ret[52U] = 0U;
5295 ret[53U] = 0U;
5296 ret[54U] = 0U;
5297 ret[55U] = 0U;
5298 ret[56U] = 0U;
5299 ret[57U] = 0U;
5300 ret[58U] = 0U;
5301 ret[59U] = 0U;
5302 ret[60U] = 0U;
5303 ret[61U] = 0U;
5304 ret[62U] = 0U;
5305 ret[63U] = 0U;
5306 ret[64U] = 0U;
5307 ret[65U] = 0U;
5308 ret[66U] = 0U;
5309 ret[67U] = 0U;
5310 ret[68U] = 0U;
5311 ret[69U] = 0U;
5312 ret[70U] = 0U;
5313 ret[71U] = 0U;
5314 ret[72U] = 0U;
5315 ret[73U] = 0U;
5316 ret[74U] = 0U;
5317 ret[75U] = 0U;
5318 ret[76U] = 0U;
5319 ret[77U] = 0U;
5320 ret[78U] = 0U;
5321 ret[79U] = 0U;
5322 ret[80U] = 0U;
5323 ret[81U] = 0U;
5324 ret[82U] = 0U;
5325 ret[83U] = 0U;
5326 ret[84U] = 0U;
5327 ret[85U] = 0U;
5328 ret[86U] = 0U;
5329 ret[87U] = 0U;
5330 ret[88U] = 0U;
5331 ret[89U] = 0U;
5332 ret[90U] = 0U;
5333 ret[91U] = 0U;
5334 ret[92U] = 0U;
5335 ret[93U] = 0U;
5336 ret[94U] = 0U;
5337 ret[95U] = 0U;
5338 ret[96U] = 0U;
5339 ret[97U] = 0U;
5340 ret[98U] = 0U;
5341 ret[99U] = 0U;
5342 ret[100U] = 0U;
5343 ret[101U] = 0U;
5344 ret[102U] = 0U;
5345 ret[103U] = 0U;
5346 ret[104U] = 0U;
5347 ret[105U] = 0U;
5348 ret[106U] = 0U;
5349 ret[107U] = 0U;
5350 ret[108U] = 0U;
5351 ret[109U] = 0U;
5352 ret[110U] = 0U;
5353 ret[111U] = 0U;
5354 ret[112U] = 0U;
5355 ret[113U] = 0U;
5356 ret[114U] = 0U;
5357 ret[115U] = 0U;
5358 ret[116U] = 0U;
5359 ret[117U] = 0U;
5360 ret[118U] = 0U;
5361 ret[119U] = 0U;
5362 ret[120U] = 0U;
5363 ret[121U] = 0U;
5364 ret[122U] = 0U;
5365 ret[123U] = 0U;
5366 ret[124U] = 0U;
5367 ret[125U] = 0U;
5368 ret[126U] = 0U;
5369 ret[127U] = 0U;
5370 ret[128U] = 0U;
5371 ret[129U] = 0U;
5372 ret[130U] = 0U;
5373 ret[131U] = 0U;
5374 ret[132U] = 0U;
5375 ret[133U] = 0U;
5376 ret[134U] = 0U;
5377 ret[135U] = 0U;
5378 ret[136U] = 0U;
5379 ret[137U] = 0U;
5380 ret[138U] = 0U;
5381 ret[139U] = 0U;
5382 ret[140U] = 0U;
5383 ret[141U] = 0U;
5384 ret[142U] = 0U;
5385 ret[143U] = 0U;
5386 ret[144U] = 0U;
5387 ret[145U] = 0U;
5388 ret[146U] = 0U;
5389 ret[147U] = 0U;
5390 ret[148U] = 0U;
5391 ret[149U] = 0U;
5392 ret[150U] = 0U;
5393 ret[151U] = 0U;
5394 ret[152U] = 0U;
5395 ret[153U] = 0U;
5396 ret[154U] = 0U;
5397 ret[155U] = 0U;
5398 ret[156U] = 0U;
5399 ret[157U] = 0U;
5400 ret[158U] = 0U;
5401 ret[159U] = 0U;
5402 ret[160U] = 0U;
5403 ret[161U] = 0U;
5404 ret[162U] = 0U;
5405 ret[163U] = 0U;
5406 ret[164U] = 0U;
5407 ret[165U] = 0U;
5408 ret[166U] = 0U;
5409 ret[167U] = 0U;
5410 }
5411
5412 /**
5413 Generate a new keccak xof state.
5414 */
5415 /**
5416 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5417 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5418 */
5419 /**
5420 A monomorphic instance of libcrux_sha3.generic_keccak.new_9d
5421 with types uint64_t
5422 with const generics
5423 - PARALLEL_LANES= 1
5424 - RATE= 168
5425 */
5426 static inline libcrux_sha3_generic_keccak_KeccakXofState_78
libcrux_sha3_generic_keccak_new_9d_7e0(void)5427 libcrux_sha3_generic_keccak_new_9d_7e0(void) {
5428 libcrux_sha3_generic_keccak_KeccakXofState_78 lit;
5429 lit.inner = libcrux_sha3_generic_keccak_new_1e_f4();
5430 uint8_t ret[168U];
5431 libcrux_sha3_generic_keccak_zero_block_9d_e60(ret);
5432 memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t));
5433 lit.buf_len = (size_t)0U;
5434 lit.sponge = false;
5435 return lit;
5436 }
5437
5438 /**
5439 This function found in impl
5440 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
5441 libcrux_sha3::portable::incremental::Shake128Absorb)}
5442 */
5443 static inline libcrux_sha3_generic_keccak_KeccakXofState_78
libcrux_sha3_portable_incremental_new_1c(void)5444 libcrux_sha3_portable_incremental_new_1c(void) {
5445 return libcrux_sha3_generic_keccak_new_9d_7e0();
5446 }
5447
5448 /**
5449 `out` has the exact size we want here. It must be less than or equal to `RATE`.
5450 */
5451 /**
5452 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
5453 usize> for u64)}
5454 */
5455 /**
5456 A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
5457 with const generics
5458 - RATE= 136
5459 */
libcrux_sha3_portable_keccak_store_5a_1c(uint64_t (* state)[5U],Eurydice_slice out[1U])5460 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c(
5461 uint64_t (*state)[5U], Eurydice_slice out[1U]) {
5462 size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
5463 size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
5464 for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
5465 size_t i0 = i;
5466 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
5467 out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
5468 uint8_t ret[8U];
5469 core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
5470 Eurydice_slice_copy(
5471 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
5472 }
5473 if (last_block_len != (size_t)0U) {
5474 Eurydice_slice uu____1 = Eurydice_slice_subslice2(
5475 out[0U], num_full_blocks * (size_t)8U,
5476 num_full_blocks * (size_t)8U + last_block_len, uint8_t);
5477 uint8_t ret[8U];
5478 core_num__u64_9__to_le_bytes(
5479 state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
5480 Eurydice_slice_copy(
5481 uu____1,
5482 Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
5483 uint8_t);
5484 }
5485 }
5486
5487 /**
5488 Squeeze `N` x `LEN` bytes.
5489 */
5490 /**
5491 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5492 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5493 */
5494 /**
5495 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d
5496 with types uint64_t
5497 with const generics
5498 - PARALLEL_LANES= 1
5499 - RATE= 136
5500 */
libcrux_sha3_generic_keccak_squeeze_9d_96(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice out[1U])5501 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96(
5502 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
5503 Eurydice_slice out[1U]) {
5504 if (self->sponge) {
5505 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5506 }
5507 size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
5508 size_t blocks = out_len / (size_t)136U;
5509 size_t last = out_len - out_len % (size_t)136U;
5510 size_t mid;
5511 if ((size_t)136U >= out_len) {
5512 mid = out_len;
5513 } else {
5514 mid = (size_t)136U;
5515 }
5516 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
5517 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
5518 Eurydice_slice out00[1U];
5519 memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
5520 Eurydice_slice out_rest[1U];
5521 memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
5522 libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00);
5523 core_ops_range_Range_b3 iter =
5524 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
5525 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
5526 .end = blocks}),
5527 core_ops_range_Range_b3, core_ops_range_Range_b3);
5528 while (true) {
5529 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
5530 &iter, size_t, Option_b3)
5531 .tag == None) {
5532 break;
5533 } else {
5534 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
5535 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
5536 (size_t)136U);
5537 Eurydice_slice out0[1U];
5538 memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
5539 Eurydice_slice tmp[1U];
5540 memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
5541 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5542 libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0);
5543 memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
5544 }
5545 }
5546 if (last < out_len) {
5547 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5548 libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest);
5549 }
5550 self->sponge = true;
5551 }
5552
5553 /**
5554 Shake256 squeeze
5555 */
5556 /**
5557 This function found in impl
5558 {(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for
5559 libcrux_sha3::portable::incremental::Shake256Squeeze)#3}
5560 */
libcrux_sha3_portable_incremental_squeeze_8a(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice out)5561 static inline void libcrux_sha3_portable_incremental_squeeze_8a(
5562 libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) {
5563 Eurydice_slice buf[1U] = {out};
5564 libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf);
5565 }
5566
5567 /**
5568 `out` has the exact size we want here. It must be less than or equal to `RATE`.
5569 */
5570 /**
5571 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
5572 usize> for u64)}
5573 */
5574 /**
5575 A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
5576 with const generics
5577 - RATE= 168
5578 */
libcrux_sha3_portable_keccak_store_5a_1c0(uint64_t (* state)[5U],Eurydice_slice out[1U])5579 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0(
5580 uint64_t (*state)[5U], Eurydice_slice out[1U]) {
5581 size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
5582 size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
5583 for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
5584 size_t i0 = i;
5585 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
5586 out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
5587 uint8_t ret[8U];
5588 core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
5589 Eurydice_slice_copy(
5590 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
5591 }
5592 if (last_block_len != (size_t)0U) {
5593 Eurydice_slice uu____1 = Eurydice_slice_subslice2(
5594 out[0U], num_full_blocks * (size_t)8U,
5595 num_full_blocks * (size_t)8U + last_block_len, uint8_t);
5596 uint8_t ret[8U];
5597 core_num__u64_9__to_le_bytes(
5598 state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
5599 Eurydice_slice_copy(
5600 uu____1,
5601 Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
5602 uint8_t);
5603 }
5604 }
5605
5606 /**
5607 Squeeze `N` x `LEN` bytes.
5608 */
5609 /**
5610 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5611 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5612 */
5613 /**
5614 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d
5615 with types uint64_t
5616 with const generics
5617 - PARALLEL_LANES= 1
5618 - RATE= 168
5619 */
libcrux_sha3_generic_keccak_squeeze_9d_960(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice out[1U])5620 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960(
5621 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5622 Eurydice_slice out[1U]) {
5623 if (self->sponge) {
5624 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5625 }
5626 size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
5627 size_t blocks = out_len / (size_t)168U;
5628 size_t last = out_len - out_len % (size_t)168U;
5629 size_t mid;
5630 if ((size_t)168U >= out_len) {
5631 mid = out_len;
5632 } else {
5633 mid = (size_t)168U;
5634 }
5635 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
5636 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
5637 Eurydice_slice out00[1U];
5638 memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
5639 Eurydice_slice out_rest[1U];
5640 memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
5641 libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00);
5642 core_ops_range_Range_b3 iter =
5643 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
5644 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
5645 .end = blocks}),
5646 core_ops_range_Range_b3, core_ops_range_Range_b3);
5647 while (true) {
5648 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
5649 &iter, size_t, Option_b3)
5650 .tag == None) {
5651 break;
5652 } else {
5653 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
5654 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
5655 (size_t)168U);
5656 Eurydice_slice out0[1U];
5657 memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
5658 Eurydice_slice tmp[1U];
5659 memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
5660 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5661 libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0);
5662 memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
5663 }
5664 }
5665 if (last < out_len) {
5666 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5667 libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest);
5668 }
5669 self->sponge = true;
5670 }
5671
5672 /**
5673 Shake128 squeeze
5674 */
5675 /**
5676 This function found in impl
5677 {(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for
5678 libcrux_sha3::portable::incremental::Shake128Squeeze)#1}
5679 */
libcrux_sha3_portable_incremental_squeeze_10(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice out)5680 static inline void libcrux_sha3_portable_incremental_squeeze_10(
5681 libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) {
5682 Eurydice_slice buf[1U] = {out};
5683 libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf);
5684 }
5685
5686 /**
5687 This function found in impl {(core::clone::Clone for
5688 libcrux_sha3::portable::KeccakState)}
5689 */
5690 static inline libcrux_sha3_generic_keccak_KeccakState_48
libcrux_sha3_portable_clone_3d(libcrux_sha3_generic_keccak_KeccakState_48 * self)5691 libcrux_sha3_portable_clone_3d(
5692 libcrux_sha3_generic_keccak_KeccakState_48 *self) {
5693 return self[0U];
5694 }
5695
5696 /**
5697 This function found in impl {(core::convert::From<libcrux_sha3::Algorithm> for
5698 u32)#1}
5699 */
libcrux_sha3_from_eb(libcrux_sha3_Algorithm v)5700 static inline uint32_t libcrux_sha3_from_eb(libcrux_sha3_Algorithm v) {
5701 uint32_t uu____0;
5702 switch (v) {
5703 case libcrux_sha3_Sha224: {
5704 uu____0 = 1U;
5705 break;
5706 }
5707 case libcrux_sha3_Sha256: {
5708 uu____0 = 2U;
5709 break;
5710 }
5711 case libcrux_sha3_Sha384: {
5712 uu____0 = 3U;
5713 break;
5714 }
5715 case libcrux_sha3_Sha512: {
5716 uu____0 = 4U;
5717 break;
5718 }
5719 default: {
5720 KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
5721 __LINE__);
5722 KRML_HOST_EXIT(253U);
5723 }
5724 }
5725 return uu____0;
5726 }
5727
5728 /**
5729 This function found in impl {(core::convert::From<u32> for
5730 libcrux_sha3::Algorithm)}
5731 */
libcrux_sha3_from_2d(uint32_t v)5732 static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) {
5733 libcrux_sha3_Algorithm uu____0;
5734 switch (v) {
5735 case 1U: {
5736 uu____0 = libcrux_sha3_Sha224;
5737 break;
5738 }
5739 case 2U: {
5740 uu____0 = libcrux_sha3_Sha256;
5741 break;
5742 }
5743 case 3U: {
5744 uu____0 = libcrux_sha3_Sha384;
5745 break;
5746 }
5747 case 4U: {
5748 uu____0 = libcrux_sha3_Sha512;
5749 break;
5750 }
5751 default: {
5752 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
5753 "panic!");
5754 KRML_HOST_EXIT(255U);
5755 }
5756 }
5757 return uu____0;
5758 }
5759
5760 typedef uint8_t libcrux_sha3_Sha3_512Digest[64U];
5761
5762 typedef uint8_t libcrux_sha3_Sha3_384Digest[48U];
5763
5764 typedef uint8_t libcrux_sha3_Sha3_256Digest[32U];
5765
5766 typedef uint8_t libcrux_sha3_Sha3_224Digest[28U];
5767
5768 #if defined(__cplusplus)
5769 }
5770 #endif
5771
5772 #define __libcrux_sha3_portable_H_DEFINED
5773 #endif
5774
5775 /* from libcrux/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h */
5776 /*
5777 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
5778 *
5779 * SPDX-License-Identifier: MIT or Apache-2.0
5780 *
5781 * This code was generated with the following revisions:
5782 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4
5783 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb
5784 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908
5785 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
5786 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee
5787 */
5788
5789 #ifndef __libcrux_mlkem768_portable_H
5790 #define __libcrux_mlkem768_portable_H
5791
5792 #if defined(__cplusplus)
5793 extern "C" {
5794 #endif
5795
5796
5797 #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U)
5798
5799 #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS \
5800 (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U)
5801
libcrux_ml_kem_hash_functions_portable_G(Eurydice_slice input,uint8_t ret[64U])5802 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G(
5803 Eurydice_slice input, uint8_t ret[64U]) {
5804 uint8_t digest[64U] = {0U};
5805 libcrux_sha3_portable_sha512(
5806 Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input);
5807 memcpy(ret, digest, (size_t)64U * sizeof(uint8_t));
5808 }
5809
libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input,uint8_t ret[32U])5810 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H(
5811 Eurydice_slice input, uint8_t ret[32U]) {
5812 uint8_t digest[32U] = {0U};
5813 libcrux_sha3_portable_sha256(
5814 Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input);
5815 memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
5816 }
5817
5818 #define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE \
5819 (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
5820
5821 #define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE \
5822 (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + \
5823 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
5824
5825 typedef uint8_t libcrux_ml_kem_ind_cca_MlKemSharedSecret[32U];
5826
5827 static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] =
5828 {(int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517,
5829 (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202,
5830 (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182,
5831 (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468,
5832 (int16_t)573, (int16_t)-1325, (int16_t)264, (int16_t)383,
5833 (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130,
5834 (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608,
5835 (int16_t)-1542, (int16_t)411, (int16_t)-205, (int16_t)-1571,
5836 (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015,
5837 (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544,
5838 (int16_t)516, (int16_t)-8, (int16_t)-320, (int16_t)-666,
5839 (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469,
5840 (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830,
5841 (int16_t)107, (int16_t)-1421, (int16_t)-247, (int16_t)-951,
5842 (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725,
5843 (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275,
5844 (int16_t)-1103, (int16_t)430, (int16_t)555, (int16_t)843,
5845 (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105,
5846 (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235,
5847 (int16_t)-291, (int16_t)-460, (int16_t)1574, (int16_t)1653,
5848 (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147,
5849 (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119,
5850 (int16_t)-1590, (int16_t)644, (int16_t)-872, (int16_t)349,
5851 (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75,
5852 (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610,
5853 (int16_t)1322, (int16_t)-1285, (int16_t)-1465, (int16_t)384,
5854 (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335,
5855 (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659,
5856 (int16_t)-1185, (int16_t)-1530, (int16_t)-1278, (int16_t)794,
5857 (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478,
5858 (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991,
5859 (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628};
5860
5861 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U)
5862
5863 #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \
5864 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \
5865 LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR)
5866
5867 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329)
5868
5869 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \
5870 ((int16_t)1353)
5871
5872 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
5873 (62209U)
5874
5875 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s {
5876 int16_t elements[16U];
5877 } libcrux_ml_kem_vector_portable_vector_type_PortableVector;
5878
5879 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array)5880 libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
5881 Eurydice_slice array) {
5882 libcrux_ml_kem_vector_portable_vector_type_PortableVector lit;
5883 int16_t ret[16U];
5884 Result_c0 dst;
5885 Eurydice_slice_to_array2(
5886 &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t),
5887 Eurydice_slice, int16_t[16U]);
5888 unwrap_41_f9(dst, ret);
5889 memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t));
5890 return lit;
5891 }
5892
5893 /**
5894 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
5895 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
5896 */
5897 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array)5898 libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) {
5899 return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array);
5900 }
5901
5902 typedef struct uint8_t_x11_s {
5903 uint8_t fst;
5904 uint8_t snd;
5905 uint8_t thd;
5906 uint8_t f3;
5907 uint8_t f4;
5908 uint8_t f5;
5909 uint8_t f6;
5910 uint8_t f7;
5911 uint8_t f8;
5912 uint8_t f9;
5913 uint8_t f10;
5914 } uint8_t_x11;
5915
5916 static KRML_MUSTINLINE uint8_t_x11
libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v)5917 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) {
5918 uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *);
5919 uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t,
5920 int16_t *) &
5921 (int16_t)31)
5922 << 3U |
5923 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t,
5924 int16_t *) >>
5925 8U);
5926 uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t,
5927 int16_t *) &
5928 (int16_t)3)
5929 << 6U |
5930 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t,
5931 int16_t *) >>
5932 5U);
5933 uint8_t r3 =
5934 (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U &
5935 (int16_t)255);
5936 uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t,
5937 int16_t *) &
5938 (int16_t)127)
5939 << 1U |
5940 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t,
5941 int16_t *) >>
5942 10U);
5943 uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t,
5944 int16_t *) &
5945 (int16_t)15)
5946 << 4U |
5947 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t,
5948 int16_t *) >>
5949 7U);
5950 uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t,
5951 int16_t *) &
5952 (int16_t)1)
5953 << 7U |
5954 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t,
5955 int16_t *) >>
5956 4U);
5957 uint8_t r7 =
5958 (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U &
5959 (int16_t)255);
5960 uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t,
5961 int16_t *) &
5962 (int16_t)63)
5963 << 2U |
5964 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t,
5965 int16_t *) >>
5966 9U);
5967 uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t,
5968 int16_t *) &
5969 (int16_t)7)
5970 << 5U |
5971 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t,
5972 int16_t *) >>
5973 6U);
5974 uint8_t r10 =
5975 (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U);
5976 return (CLITERAL(uint8_t_x11){.fst = r0,
5977 .snd = r1,
5978 .thd = r2,
5979 .f3 = r3,
5980 .f4 = r4,
5981 .f5 = r5,
5982 .f6 = r6,
5983 .f7 = r7,
5984 .f8 = r8,
5985 .f9 = r9,
5986 .f10 = r10});
5987 }
5988
5989 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_11(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[22U])5990 libcrux_ml_kem_vector_portable_serialize_serialize_11(
5991 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
5992 uint8_t ret[22U]) {
5993 uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int(
5994 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t));
5995 uint8_t_x11 r11_21 =
5996 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(
5997 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U,
5998 int16_t));
5999 uint8_t result[22U] = {0U};
6000 result[0U] = r0_10.fst;
6001 result[1U] = r0_10.snd;
6002 result[2U] = r0_10.thd;
6003 result[3U] = r0_10.f3;
6004 result[4U] = r0_10.f4;
6005 result[5U] = r0_10.f5;
6006 result[6U] = r0_10.f6;
6007 result[7U] = r0_10.f7;
6008 result[8U] = r0_10.f8;
6009 result[9U] = r0_10.f9;
6010 result[10U] = r0_10.f10;
6011 result[11U] = r11_21.fst;
6012 result[12U] = r11_21.snd;
6013 result[13U] = r11_21.thd;
6014 result[14U] = r11_21.f3;
6015 result[15U] = r11_21.f4;
6016 result[16U] = r11_21.f5;
6017 result[17U] = r11_21.f6;
6018 result[18U] = r11_21.f7;
6019 result[19U] = r11_21.f8;
6020 result[20U] = r11_21.f9;
6021 result[21U] = r11_21.f10;
6022 memcpy(ret, result, (size_t)22U * sizeof(uint8_t));
6023 }
6024
6025 /**
6026 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6027 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6028 */
libcrux_ml_kem_vector_portable_serialize_11_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[22U])6029 static inline void libcrux_ml_kem_vector_portable_serialize_11_0d(
6030 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
6031 uint8_t ret[22U]) {
6032 libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
6033 }
6034
6035 typedef struct int16_t_x8_s {
6036 int16_t fst;
6037 int16_t snd;
6038 int16_t thd;
6039 int16_t f3;
6040 int16_t f4;
6041 int16_t f5;
6042 int16_t f6;
6043 int16_t f7;
6044 } int16_t_x8;
6045
6046 static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(Eurydice_slice bytes)6047 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
6048 Eurydice_slice bytes) {
6049 int16_t r0 =
6050 ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) &
6051 (int16_t)7)
6052 << 8U |
6053 (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
6054 int16_t r1 =
6055 ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) &
6056 (int16_t)63)
6057 << 5U |
6058 (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >>
6059 3U;
6060 int16_t r2 =
6061 (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) &
6062 (int16_t)1)
6063 << 10U |
6064 (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)
6065 << 2U) |
6066 (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >>
6067 6U;
6068 int16_t r3 =
6069 ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) &
6070 (int16_t)15)
6071 << 7U |
6072 (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >>
6073 1U;
6074 int16_t r4 =
6075 ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) &
6076 (int16_t)127)
6077 << 4U |
6078 (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >>
6079 4U;
6080 int16_t r5 =
6081 (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) &
6082 (int16_t)3)
6083 << 9U |
6084 (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)
6085 << 1U) |
6086 (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >>
6087 7U;
6088 int16_t r6 =
6089 ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) &
6090 (int16_t)31)
6091 << 6U |
6092 (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >>
6093 2U;
6094 int16_t r7 =
6095 (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *)
6096 << 3U |
6097 (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >>
6098 5U;
6099 return (CLITERAL(int16_t_x8){.fst = r0,
6100 .snd = r1,
6101 .thd = r2,
6102 .f3 = r3,
6103 .f4 = r4,
6104 .f5 = r5,
6105 .f6 = r6,
6106 .f7 = r7});
6107 }
6108
6109 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_zero(void)6110 libcrux_ml_kem_vector_portable_vector_type_zero(void) {
6111 libcrux_ml_kem_vector_portable_vector_type_PortableVector lit;
6112 lit.elements[0U] = (int16_t)0;
6113 lit.elements[1U] = (int16_t)0;
6114 lit.elements[2U] = (int16_t)0;
6115 lit.elements[3U] = (int16_t)0;
6116 lit.elements[4U] = (int16_t)0;
6117 lit.elements[5U] = (int16_t)0;
6118 lit.elements[6U] = (int16_t)0;
6119 lit.elements[7U] = (int16_t)0;
6120 lit.elements[8U] = (int16_t)0;
6121 lit.elements[9U] = (int16_t)0;
6122 lit.elements[10U] = (int16_t)0;
6123 lit.elements[11U] = (int16_t)0;
6124 lit.elements[12U] = (int16_t)0;
6125 lit.elements[13U] = (int16_t)0;
6126 lit.elements[14U] = (int16_t)0;
6127 lit.elements[15U] = (int16_t)0;
6128 return lit;
6129 }
6130
6131 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes)6132 libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) {
6133 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
6134 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t));
6135 int16_t_x8 v8_15 =
6136 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
6137 Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t));
6138 libcrux_ml_kem_vector_portable_vector_type_PortableVector v =
6139 libcrux_ml_kem_vector_portable_vector_type_zero();
6140 v.elements[0U] = v0_7.fst;
6141 v.elements[1U] = v0_7.snd;
6142 v.elements[2U] = v0_7.thd;
6143 v.elements[3U] = v0_7.f3;
6144 v.elements[4U] = v0_7.f4;
6145 v.elements[5U] = v0_7.f5;
6146 v.elements[6U] = v0_7.f6;
6147 v.elements[7U] = v0_7.f7;
6148 v.elements[8U] = v8_15.fst;
6149 v.elements[9U] = v8_15.snd;
6150 v.elements[10U] = v8_15.thd;
6151 v.elements[11U] = v8_15.f3;
6152 v.elements[12U] = v8_15.f4;
6153 v.elements[13U] = v8_15.f5;
6154 v.elements[14U] = v8_15.f6;
6155 v.elements[15U] = v8_15.f7;
6156 return v;
6157 }
6158
6159 /**
6160 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6161 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6162 */
6163 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a)6164 libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
6165 return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
6166 }
6167
6168 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_vector_type_to_i16_array(libcrux_ml_kem_vector_portable_vector_type_PortableVector x,int16_t ret[16U])6169 libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
6170 libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
6171 int16_t ret[16U]) {
6172 memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t));
6173 }
6174
6175 /**
6176 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6177 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6178 */
libcrux_ml_kem_vector_portable_to_i16_array_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector x,int16_t ret[16U])6179 static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d(
6180 libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
6181 int16_t ret[16U]) {
6182 libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret);
6183 }
6184
6185 static const uint8_t
6186 libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE
6187 [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6188 255U, 255U, 255U, 255U, 255U, 255U, 255U},
6189 {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6190 255U, 255U, 255U, 255U, 255U, 255U},
6191 {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6192 255U, 255U, 255U, 255U, 255U, 255U},
6193 {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U,
6194 255U, 255U, 255U, 255U, 255U, 255U},
6195 {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6196 255U, 255U, 255U, 255U, 255U, 255U},
6197 {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U,
6198 255U, 255U, 255U, 255U, 255U, 255U},
6199 {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U,
6200 255U, 255U, 255U, 255U, 255U, 255U},
6201 {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U,
6202 255U, 255U, 255U, 255U, 255U},
6203 {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6204 255U, 255U, 255U, 255U, 255U, 255U},
6205 {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U,
6206 255U, 255U, 255U, 255U, 255U, 255U},
6207 {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U,
6208 255U, 255U, 255U, 255U, 255U, 255U},
6209 {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U,
6210 255U, 255U, 255U, 255U, 255U},
6211 {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U,
6212 255U, 255U, 255U, 255U, 255U, 255U},
6213 {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U,
6214 255U, 255U, 255U, 255U, 255U},
6215 {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U,
6216 255U, 255U, 255U, 255U, 255U},
6217 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U,
6218 255U, 255U, 255U, 255U},
6219 {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6220 255U, 255U, 255U, 255U, 255U, 255U},
6221 {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U,
6222 255U, 255U, 255U, 255U, 255U, 255U},
6223 {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U,
6224 255U, 255U, 255U, 255U, 255U, 255U},
6225 {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6226 255U, 255U, 255U, 255U, 255U},
6227 {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U,
6228 255U, 255U, 255U, 255U, 255U, 255U},
6229 {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6230 255U, 255U, 255U, 255U, 255U},
6231 {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6232 255U, 255U, 255U, 255U, 255U},
6233 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U,
6234 255U, 255U, 255U, 255U},
6235 {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U,
6236 255U, 255U, 255U, 255U, 255U, 255U},
6237 {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6238 255U, 255U, 255U, 255U, 255U},
6239 {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6240 255U, 255U, 255U, 255U, 255U},
6241 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U,
6242 255U, 255U, 255U, 255U},
6243 {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6244 255U, 255U, 255U, 255U, 255U},
6245 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U,
6246 255U, 255U, 255U, 255U},
6247 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U,
6248 255U, 255U, 255U, 255U},
6249 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U,
6250 255U, 255U, 255U, 255U},
6251 {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6252 255U, 255U, 255U, 255U, 255U, 255U, 255U},
6253 {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6254 255U, 255U, 255U, 255U, 255U, 255U},
6255 {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6256 255U, 255U, 255U, 255U, 255U, 255U},
6257 {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6258 255U, 255U, 255U, 255U, 255U},
6259 {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6260 255U, 255U, 255U, 255U, 255U, 255U},
6261 {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6262 255U, 255U, 255U, 255U, 255U},
6263 {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6264 255U, 255U, 255U, 255U, 255U},
6265 {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U,
6266 255U, 255U, 255U, 255U, 255U},
6267 {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6268 255U, 255U, 255U, 255U, 255U, 255U},
6269 {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6270 255U, 255U, 255U, 255U, 255U},
6271 {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6272 255U, 255U, 255U, 255U, 255U},
6273 {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U,
6274 255U, 255U, 255U, 255U, 255U},
6275 {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6276 255U, 255U, 255U, 255U, 255U},
6277 {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U,
6278 255U, 255U, 255U, 255U, 255U},
6279 {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U,
6280 255U, 255U, 255U, 255U, 255U},
6281 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U,
6282 255U, 255U, 255U, 255U},
6283 {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6284 255U, 255U, 255U, 255U, 255U, 255U},
6285 {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6286 255U, 255U, 255U, 255U, 255U},
6287 {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6288 255U, 255U, 255U, 255U, 255U},
6289 {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6290 255U, 255U, 255U, 255U, 255U},
6291 {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6292 255U, 255U, 255U, 255U, 255U},
6293 {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6294 255U, 255U, 255U, 255U, 255U},
6295 {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6296 255U, 255U, 255U, 255U, 255U},
6297 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U,
6298 255U, 255U, 255U, 255U},
6299 {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6300 255U, 255U, 255U, 255U, 255U},
6301 {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6302 255U, 255U, 255U, 255U, 255U},
6303 {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6304 255U, 255U, 255U, 255U, 255U},
6305 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U,
6306 255U, 255U, 255U, 255U},
6307 {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6308 255U, 255U, 255U, 255U, 255U},
6309 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U,
6310 255U, 255U, 255U, 255U},
6311 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U,
6312 255U, 255U, 255U, 255U},
6313 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U,
6314 255U, 255U, 255U},
6315 {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6316 255U, 255U, 255U, 255U, 255U, 255U, 255U},
6317 {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6318 255U, 255U, 255U, 255U, 255U, 255U},
6319 {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6320 255U, 255U, 255U, 255U, 255U, 255U},
6321 {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6322 255U, 255U, 255U, 255U, 255U},
6323 {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6324 255U, 255U, 255U, 255U, 255U, 255U},
6325 {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6326 255U, 255U, 255U, 255U, 255U},
6327 {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6328 255U, 255U, 255U, 255U, 255U},
6329 {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U,
6330 255U, 255U, 255U, 255U, 255U},
6331 {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6332 255U, 255U, 255U, 255U, 255U, 255U},
6333 {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6334 255U, 255U, 255U, 255U, 255U},
6335 {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6336 255U, 255U, 255U, 255U, 255U},
6337 {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U,
6338 255U, 255U, 255U, 255U, 255U},
6339 {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6340 255U, 255U, 255U, 255U, 255U},
6341 {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U,
6342 255U, 255U, 255U, 255U, 255U},
6343 {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U,
6344 255U, 255U, 255U, 255U, 255U},
6345 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U,
6346 255U, 255U, 255U, 255U},
6347 {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6348 255U, 255U, 255U, 255U, 255U, 255U},
6349 {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6350 255U, 255U, 255U, 255U, 255U},
6351 {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6352 255U, 255U, 255U, 255U, 255U},
6353 {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6354 255U, 255U, 255U, 255U, 255U},
6355 {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6356 255U, 255U, 255U, 255U, 255U},
6357 {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6358 255U, 255U, 255U, 255U, 255U},
6359 {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6360 255U, 255U, 255U, 255U, 255U},
6361 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U,
6362 255U, 255U, 255U, 255U},
6363 {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6364 255U, 255U, 255U, 255U, 255U},
6365 {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6366 255U, 255U, 255U, 255U, 255U},
6367 {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6368 255U, 255U, 255U, 255U, 255U},
6369 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U,
6370 255U, 255U, 255U, 255U},
6371 {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6372 255U, 255U, 255U, 255U, 255U},
6373 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U,
6374 255U, 255U, 255U, 255U},
6375 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U,
6376 255U, 255U, 255U, 255U},
6377 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U,
6378 255U, 255U, 255U},
6379 {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6380 255U, 255U, 255U, 255U, 255U, 255U},
6381 {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6382 255U, 255U, 255U, 255U, 255U, 255U},
6383 {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6384 255U, 255U, 255U, 255U, 255U, 255U},
6385 {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6386 255U, 255U, 255U, 255U, 255U},
6387 {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6388 255U, 255U, 255U, 255U, 255U, 255U},
6389 {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6390 255U, 255U, 255U, 255U, 255U},
6391 {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6392 255U, 255U, 255U, 255U, 255U},
6393 {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U,
6394 255U, 255U, 255U, 255U},
6395 {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6396 255U, 255U, 255U, 255U, 255U, 255U},
6397 {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6398 255U, 255U, 255U, 255U, 255U},
6399 {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6400 255U, 255U, 255U, 255U, 255U},
6401 {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U,
6402 255U, 255U, 255U, 255U},
6403 {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6404 255U, 255U, 255U, 255U, 255U},
6405 {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U,
6406 255U, 255U, 255U, 255U},
6407 {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U,
6408 255U, 255U, 255U, 255U},
6409 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U,
6410 255U, 255U, 255U, 255U},
6411 {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6412 255U, 255U, 255U, 255U, 255U, 255U},
6413 {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6414 255U, 255U, 255U, 255U, 255U},
6415 {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6416 255U, 255U, 255U, 255U, 255U},
6417 {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6418 255U, 255U, 255U, 255U},
6419 {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6420 255U, 255U, 255U, 255U, 255U},
6421 {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6422 255U, 255U, 255U, 255U},
6423 {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6424 255U, 255U, 255U, 255U},
6425 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U,
6426 255U, 255U, 255U, 255U},
6427 {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6428 255U, 255U, 255U, 255U, 255U},
6429 {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6430 255U, 255U, 255U, 255U},
6431 {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6432 255U, 255U, 255U, 255U},
6433 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U,
6434 255U, 255U, 255U, 255U},
6435 {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6436 255U, 255U, 255U, 255U},
6437 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U,
6438 255U, 255U, 255U, 255U},
6439 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U,
6440 255U, 255U, 255U, 255U},
6441 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U,
6442 13U, 255U, 255U},
6443 {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6444 255U, 255U, 255U, 255U, 255U, 255U, 255U},
6445 {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6446 255U, 255U, 255U, 255U, 255U, 255U},
6447 {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6448 255U, 255U, 255U, 255U, 255U, 255U},
6449 {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6450 255U, 255U, 255U, 255U, 255U},
6451 {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6452 255U, 255U, 255U, 255U, 255U, 255U},
6453 {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6454 255U, 255U, 255U, 255U, 255U},
6455 {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6456 255U, 255U, 255U, 255U, 255U},
6457 {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U,
6458 255U, 255U, 255U, 255U, 255U},
6459 {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6460 255U, 255U, 255U, 255U, 255U, 255U},
6461 {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6462 255U, 255U, 255U, 255U, 255U},
6463 {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6464 255U, 255U, 255U, 255U, 255U},
6465 {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U,
6466 255U, 255U, 255U, 255U, 255U},
6467 {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6468 255U, 255U, 255U, 255U, 255U},
6469 {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U,
6470 255U, 255U, 255U, 255U, 255U},
6471 {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U,
6472 255U, 255U, 255U, 255U, 255U},
6473 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U,
6474 255U, 255U, 255U, 255U},
6475 {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6476 255U, 255U, 255U, 255U, 255U, 255U},
6477 {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6478 255U, 255U, 255U, 255U, 255U},
6479 {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6480 255U, 255U, 255U, 255U, 255U},
6481 {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6482 255U, 255U, 255U, 255U, 255U},
6483 {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6484 255U, 255U, 255U, 255U, 255U},
6485 {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6486 255U, 255U, 255U, 255U, 255U},
6487 {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6488 255U, 255U, 255U, 255U, 255U},
6489 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U,
6490 255U, 255U, 255U, 255U},
6491 {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6492 255U, 255U, 255U, 255U, 255U},
6493 {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6494 255U, 255U, 255U, 255U, 255U},
6495 {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6496 255U, 255U, 255U, 255U, 255U},
6497 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U,
6498 255U, 255U, 255U, 255U},
6499 {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6500 255U, 255U, 255U, 255U, 255U},
6501 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U,
6502 255U, 255U, 255U, 255U},
6503 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U,
6504 255U, 255U, 255U, 255U},
6505 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U,
6506 255U, 255U, 255U},
6507 {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6508 255U, 255U, 255U, 255U, 255U, 255U},
6509 {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6510 255U, 255U, 255U, 255U, 255U, 255U},
6511 {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6512 255U, 255U, 255U, 255U, 255U, 255U},
6513 {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6514 255U, 255U, 255U, 255U, 255U},
6515 {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6516 255U, 255U, 255U, 255U, 255U, 255U},
6517 {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6518 255U, 255U, 255U, 255U, 255U},
6519 {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6520 255U, 255U, 255U, 255U, 255U},
6521 {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U,
6522 255U, 255U, 255U, 255U},
6523 {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6524 255U, 255U, 255U, 255U, 255U, 255U},
6525 {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6526 255U, 255U, 255U, 255U, 255U},
6527 {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6528 255U, 255U, 255U, 255U, 255U},
6529 {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U,
6530 255U, 255U, 255U, 255U},
6531 {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6532 255U, 255U, 255U, 255U, 255U},
6533 {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U,
6534 255U, 255U, 255U, 255U},
6535 {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U,
6536 255U, 255U, 255U, 255U},
6537 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U,
6538 255U, 255U, 255U, 255U},
6539 {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6540 255U, 255U, 255U, 255U, 255U, 255U},
6541 {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6542 255U, 255U, 255U, 255U, 255U},
6543 {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6544 255U, 255U, 255U, 255U, 255U},
6545 {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6546 255U, 255U, 255U, 255U},
6547 {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6548 255U, 255U, 255U, 255U, 255U},
6549 {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6550 255U, 255U, 255U, 255U},
6551 {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6552 255U, 255U, 255U, 255U},
6553 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U,
6554 255U, 255U, 255U, 255U},
6555 {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6556 255U, 255U, 255U, 255U, 255U},
6557 {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6558 255U, 255U, 255U, 255U},
6559 {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6560 255U, 255U, 255U, 255U},
6561 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U,
6562 255U, 255U, 255U, 255U},
6563 {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6564 255U, 255U, 255U, 255U},
6565 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U,
6566 255U, 255U, 255U, 255U},
6567 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U,
6568 255U, 255U, 255U, 255U},
6569 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U,
6570 15U, 255U, 255U},
6571 {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6572 255U, 255U, 255U, 255U, 255U, 255U},
6573 {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6574 255U, 255U, 255U, 255U, 255U, 255U},
6575 {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6576 255U, 255U, 255U, 255U, 255U, 255U},
6577 {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6578 255U, 255U, 255U, 255U, 255U},
6579 {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6580 255U, 255U, 255U, 255U, 255U, 255U},
6581 {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6582 255U, 255U, 255U, 255U, 255U},
6583 {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6584 255U, 255U, 255U, 255U, 255U},
6585 {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U,
6586 255U, 255U, 255U, 255U},
6587 {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6588 255U, 255U, 255U, 255U, 255U, 255U},
6589 {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6590 255U, 255U, 255U, 255U, 255U},
6591 {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6592 255U, 255U, 255U, 255U, 255U},
6593 {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U,
6594 255U, 255U, 255U, 255U},
6595 {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6596 255U, 255U, 255U, 255U, 255U},
6597 {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U,
6598 255U, 255U, 255U, 255U},
6599 {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U,
6600 255U, 255U, 255U, 255U},
6601 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U,
6602 255U, 255U, 255U, 255U},
6603 {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6604 255U, 255U, 255U, 255U, 255U, 255U},
6605 {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6606 255U, 255U, 255U, 255U, 255U},
6607 {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6608 255U, 255U, 255U, 255U, 255U},
6609 {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6610 255U, 255U, 255U, 255U},
6611 {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6612 255U, 255U, 255U, 255U, 255U},
6613 {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6614 255U, 255U, 255U, 255U},
6615 {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6616 255U, 255U, 255U, 255U},
6617 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U,
6618 255U, 255U, 255U, 255U},
6619 {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6620 255U, 255U, 255U, 255U, 255U},
6621 {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6622 255U, 255U, 255U, 255U},
6623 {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6624 255U, 255U, 255U, 255U},
6625 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U,
6626 255U, 255U, 255U, 255U},
6627 {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6628 255U, 255U, 255U, 255U},
6629 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U,
6630 255U, 255U, 255U, 255U},
6631 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U,
6632 255U, 255U, 255U, 255U},
6633 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U,
6634 15U, 255U, 255U},
6635 {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6636 255U, 255U, 255U, 255U, 255U, 255U},
6637 {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6638 255U, 255U, 255U, 255U, 255U},
6639 {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6640 255U, 255U, 255U, 255U, 255U},
6641 {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6642 255U, 255U, 255U, 255U, 255U},
6643 {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6644 255U, 255U, 255U, 255U, 255U},
6645 {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6646 255U, 255U, 255U, 255U, 255U},
6647 {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6648 255U, 255U, 255U, 255U, 255U},
6649 {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U,
6650 255U, 255U, 255U, 255U},
6651 {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6652 255U, 255U, 255U, 255U, 255U},
6653 {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6654 255U, 255U, 255U, 255U, 255U},
6655 {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6656 255U, 255U, 255U, 255U, 255U},
6657 {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U,
6658 255U, 255U, 255U, 255U},
6659 {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6660 255U, 255U, 255U, 255U, 255U},
6661 {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U,
6662 255U, 255U, 255U, 255U},
6663 {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U,
6664 255U, 255U, 255U, 255U},
6665 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U,
6666 15U, 255U, 255U},
6667 {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6668 255U, 255U, 255U, 255U, 255U},
6669 {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6670 255U, 255U, 255U, 255U, 255U},
6671 {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6672 255U, 255U, 255U, 255U, 255U},
6673 {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6674 255U, 255U, 255U, 255U},
6675 {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6676 255U, 255U, 255U, 255U, 255U},
6677 {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6678 255U, 255U, 255U, 255U},
6679 {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6680 255U, 255U, 255U, 255U},
6681 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U,
6682 15U, 255U, 255U},
6683 {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6684 255U, 255U, 255U, 255U, 255U},
6685 {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6686 255U, 255U, 255U, 255U},
6687 {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6688 255U, 255U, 255U, 255U},
6689 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U,
6690 15U, 255U, 255U},
6691 {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6692 255U, 255U, 255U, 255U},
6693 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U,
6694 15U, 255U, 255U},
6695 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U,
6696 15U, 255U, 255U},
6697 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U,
6698 13U, 14U, 15U}};
6699
6700 /**
6701 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6702 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6703 */
6704 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ZERO_0d(void)6705 libcrux_ml_kem_vector_portable_ZERO_0d(void) {
6706 return libcrux_ml_kem_vector_portable_vector_type_zero();
6707 }
6708
6709 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_add(libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs)6710 libcrux_ml_kem_vector_portable_arithmetic_add(
6711 libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
6712 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
6713 for (size_t i = (size_t)0U;
6714 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6715 size_t i0 = i;
6716 size_t uu____0 = i0;
6717 lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0];
6718 }
6719 return lhs;
6720 }
6721
6722 /**
6723 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6724 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6725 */
6726 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_add_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs)6727 libcrux_ml_kem_vector_portable_add_0d(
6728 libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
6729 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
6730 return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs);
6731 }
6732
6733 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_sub(libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs)6734 libcrux_ml_kem_vector_portable_arithmetic_sub(
6735 libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
6736 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
6737 for (size_t i = (size_t)0U;
6738 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6739 size_t i0 = i;
6740 size_t uu____0 = i0;
6741 lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0];
6742 }
6743 return lhs;
6744 }
6745
6746 /**
6747 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6748 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6749 */
6750 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_sub_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs)6751 libcrux_ml_kem_vector_portable_sub_0d(
6752 libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
6753 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
6754 return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs);
6755 }
6756
6757 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6758 libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(
6759 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6760 for (size_t i = (size_t)0U;
6761 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6762 size_t i0 = i;
6763 size_t uu____0 = i0;
6764 v.elements[uu____0] = v.elements[uu____0] * c;
6765 }
6766 return v;
6767 }
6768
6769 /**
6770 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6771 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6772 */
6773 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_multiply_by_constant_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6774 libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
6775 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6776 return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c);
6777 }
6778
6779 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6780 libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
6781 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6782 for (size_t i = (size_t)0U;
6783 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6784 size_t i0 = i;
6785 size_t uu____0 = i0;
6786 v.elements[uu____0] = v.elements[uu____0] & c;
6787 }
6788 return v;
6789 }
6790
6791 /**
6792 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6793 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6794 */
6795 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6796 libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
6797 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6798 return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v,
6799 c);
6800 }
6801
6802 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)6803 libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
6804 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
6805 core_ops_range_Range_b3 iter =
6806 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
6807 (CLITERAL(core_ops_range_Range_b3){
6808 .start = (size_t)0U,
6809 .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}),
6810 core_ops_range_Range_b3, core_ops_range_Range_b3);
6811 while (true) {
6812 Option_b3 uu____0 =
6813 core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
6814 &iter, size_t, Option_b3);
6815 if (!(uu____0.tag == None)) {
6816 size_t i = uu____0.f0;
6817 if (v.elements[i] >= (int16_t)3329) {
6818 size_t uu____1 = i;
6819 v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329;
6820 }
6821 continue;
6822 }
6823 return v;
6824 }
6825 }
6826
6827 /**
6828 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6829 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6830 */
6831 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)6832 libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(
6833 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
6834 return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v);
6835 }
6836
6837 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \
6838 ((int32_t)20159)
6839
6840 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26)
6841
6842 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \
6843 ((int32_t)1 << (uint32_t) \
6844 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT)
6845
6846 /**
6847 Signed Barrett Reduction
6848
6849 Given an input `value`, `barrett_reduce` outputs a representative `result`
6850 such that:
6851
6852 - result ≡ value (mod FIELD_MODULUS)
6853 - the absolute value of `result` is bound as follows:
6854
6855 `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)
6856
6857 In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`.
6858 */
6859 static inline int16_t
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(int16_t value)6860 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
6861 int16_t value) {
6862 int32_t t = (int32_t)value *
6863 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER +
6864 (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U);
6865 int16_t quotient =
6866 (int16_t)(t >>
6867 (uint32_t)
6868 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT);
6869 return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
6870 }
6871
6872 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)6873 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(
6874 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
6875 for (size_t i = (size_t)0U;
6876 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6877 size_t i0 = i;
6878 v.elements[i0] =
6879 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
6880 v.elements[i0]);
6881 }
6882 return v;
6883 }
6884
6885 /**
6886 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6887 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6888 */
6889 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_barrett_reduce_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)6890 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
6891 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
6892 return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v);
6893 }
6894
6895 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U)
6896
6897 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \
6898 ((int32_t)1 << (uint32_t) \
6899 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT)
6900
6901 /**
6902 Signed Montgomery Reduction
6903
6904 Given an input `value`, `montgomery_reduce` outputs a representative `o`
6905 such that:
6906
6907 - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS)
6908 - the absolute value of `o` is bound as follows:
6909
6910 `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2)
6911
6912 In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 ·
6913 FIELD_MODULUS) / 2`.
6914 */
6915 static inline int16_t
libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(int32_t value)6916 libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
6917 int32_t value) {
6918 int32_t k =
6919 (int32_t)(int16_t)value *
6920 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R;
6921 int32_t k_times_modulus =
6922 (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
6923 int16_t c =
6924 (int16_t)(k_times_modulus >>
6925 (uint32_t)
6926 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
6927 int16_t value_high =
6928 (int16_t)(value >>
6929 (uint32_t)
6930 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
6931 return value_high - c;
6932 }
6933
6934 /**
6935 If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to
6936 `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to
6937 `x · y`, as follows:
6938
6939 `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)`
6940
6941 `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a
6942 representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod
6943 FIELD_MODULUS)`.
6944 */
6945 static KRML_MUSTINLINE int16_t
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(int16_t fe,int16_t fer)6946 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
6947 int16_t fe, int16_t fer) {
6948 return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
6949 (int32_t)fe * (int32_t)fer);
6950 }
6951
6952 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6953 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
6954 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6955 for (size_t i = (size_t)0U;
6956 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6957 size_t i0 = i;
6958 v.elements[i0] =
6959 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
6960 v.elements[i0], c);
6961 }
6962 return v;
6963 }
6964
6965 /**
6966 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6967 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6968 */
6969 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t r)6970 libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
6971 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) {
6972 return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
6973 v, r);
6974 }
6975
6976 /**
6977 The `compress_*` functions implement the `Compress` function specified in the
6978 NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as:
6979
6980 ```plaintext
6981 Compress_d: ℤq -> ℤ_{2ᵈ}
6982 Compress_d(x) = ⌈(2ᵈ/q)·x⌋
6983 ```
6984
6985 Since `⌈x⌋ = ⌊x + 1/2⌋` we have:
6986
6987 ```plaintext
6988 Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋
6989 = ⌊(2^{d+1}·x + q) / 2q⌋
6990 ```
6991
6992 For further information about the function implementations, consult the
6993 `implementation_notes.pdf` document in this directory.
6994
6995 The NIST FIPS 203 standard can be found at
6996 <https://csrc.nist.gov/pubs/fips/203/ipd>.
6997 */
6998 static inline uint8_t
libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(uint16_t fe)6999 libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
7000 uint16_t fe) {
7001 int16_t shifted = (int16_t)1664 - (int16_t)fe;
7002 int16_t mask = shifted >> 15U;
7003 int16_t shifted_to_positive = mask ^ shifted;
7004 int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
7005 return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1);
7006 }
7007
7008 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)7009 libcrux_ml_kem_vector_portable_compress_compress_1(
7010 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
7011 for (size_t i = (size_t)0U;
7012 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
7013 size_t i0 = i;
7014 v.elements[i0] = (int16_t)
7015 libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
7016 (uint16_t)v.elements[i0]);
7017 }
7018 return v;
7019 }
7020
7021 /**
7022 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7023 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7024 */
7025 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_1_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)7026 libcrux_ml_kem_vector_portable_compress_1_0d(
7027 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
7028 return libcrux_ml_kem_vector_portable_compress_compress_1(v);
7029 }
7030
7031 static KRML_MUSTINLINE uint32_t
libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(uint8_t n,uint32_t value)7032 libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
7033 uint8_t n, uint32_t value) {
7034 return value & ((1U << (uint32_t)n) - 1U);
7035 }
7036
7037 static inline int16_t
libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(uint8_t coefficient_bits,uint16_t fe)7038 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
7039 uint8_t coefficient_bits, uint16_t fe) {
7040 uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits;
7041 compressed = compressed + 1664ULL;
7042 compressed = compressed * 10321340ULL;
7043 compressed = compressed >> 35U;
7044 return (int16_t)
7045 libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
7046 coefficient_bits, (uint32_t)compressed);
7047 }
7048
libcrux_ml_kem_vector_portable_ntt_ntt_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector * v,int16_t zeta,size_t i,size_t j)7049 static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
7050 libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta,
7051 size_t i, size_t j) {
7052 int16_t t =
7053 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
7054 v->elements[j], zeta);
7055 v->elements[j] = v->elements[i] - t;
7056 v->elements[i] = v->elements[i] + t;
7057 }
7058
7059 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7060 libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(
7061 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0,
7062 int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7063 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U,
7064 (size_t)2U);
7065 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U,
7066 (size_t)3U);
7067 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U,
7068 (size_t)6U);
7069 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U,
7070 (size_t)7U);
7071 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U,
7072 (size_t)10U);
7073 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U,
7074 (size_t)11U);
7075 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U,
7076 (size_t)14U);
7077 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U,
7078 (size_t)15U);
7079 return v;
7080 }
7081
7082 /**
7083 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7084 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7085 */
7086 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7087 libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
7088 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
7089 int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7090 return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1,
7091 zeta2, zeta3);
7092 }
7093
7094 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta0,int16_t zeta1)7095 libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(
7096 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0,
7097 int16_t zeta1) {
7098 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U,
7099 (size_t)4U);
7100 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U,
7101 (size_t)5U);
7102 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U,
7103 (size_t)6U);
7104 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U,
7105 (size_t)7U);
7106 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U,
7107 (size_t)12U);
7108 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U,
7109 (size_t)13U);
7110 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U,
7111 (size_t)14U);
7112 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U,
7113 (size_t)15U);
7114 return v;
7115 }
7116
7117 /**
7118 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7119 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7120 */
7121 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta0,int16_t zeta1)7122 libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
7123 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
7124 int16_t zeta1) {
7125 return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1);
7126 }
7127
7128 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta)7129 libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(
7130 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) {
7131 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U);
7132 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U);
7133 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U,
7134 (size_t)10U);
7135 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U,
7136 (size_t)11U);
7137 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U,
7138 (size_t)12U);
7139 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U,
7140 (size_t)13U);
7141 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U,
7142 (size_t)14U);
7143 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U,
7144 (size_t)15U);
7145 return v;
7146 }
7147
7148 /**
7149 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7150 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7151 */
7152 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta)7153 libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
7154 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
7155 return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta);
7156 }
7157
libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector * v,int16_t zeta,size_t i,size_t j)7158 static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
7159 libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta,
7160 size_t i, size_t j) {
7161 int16_t a_minus_b = v->elements[j] - v->elements[i];
7162 v->elements[i] =
7163 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
7164 v->elements[i] + v->elements[j]);
7165 v->elements[j] =
7166 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
7167 a_minus_b, zeta);
7168 }
7169
7170 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7171 libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
7172 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0,
7173 int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7174 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U,
7175 (size_t)2U);
7176 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U,
7177 (size_t)3U);
7178 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U,
7179 (size_t)6U);
7180 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U,
7181 (size_t)7U);
7182 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U,
7183 (size_t)10U);
7184 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U,
7185 (size_t)11U);
7186 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U,
7187 (size_t)14U);
7188 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U,
7189 (size_t)15U);
7190 return v;
7191 }
7192
7193 /**
7194 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7195 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7196 */
7197 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7198 libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
7199 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
7200 int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7201 return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
7202 a, zeta0, zeta1, zeta2, zeta3);
7203 }
7204
7205 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta0,int16_t zeta1)7206 libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(
7207 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0,
7208 int16_t zeta1) {
7209 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U,
7210 (size_t)4U);
7211 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U,
7212 (size_t)5U);
7213 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U,
7214 (size_t)6U);
7215 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U,
7216 (size_t)7U);
7217 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U,
7218 (size_t)12U);
7219 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U,
7220 (size_t)13U);
7221 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U,
7222 (size_t)14U);
7223 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U,
7224 (size_t)15U);
7225 return v;
7226 }
7227
7228 /**
7229 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7230 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7231 */
7232 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta0,int16_t zeta1)7233 libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
7234 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
7235 int16_t zeta1) {
7236 return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0,
7237 zeta1);
7238 }
7239
7240 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta)7241 libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(
7242 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) {
7243 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U,
7244 (size_t)8U);
7245 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U,
7246 (size_t)9U);
7247 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U,
7248 (size_t)10U);
7249 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U,
7250 (size_t)11U);
7251 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U,
7252 (size_t)12U);
7253 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U,
7254 (size_t)13U);
7255 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U,
7256 (size_t)14U);
7257 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U,
7258 (size_t)15U);
7259 return v;
7260 }
7261
7262 /**
7263 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7264 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7265 */
7266 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta)7267 libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
7268 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
7269 return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta);
7270 }
7271
7272 /**
7273 Compute the product of two Kyber binomials with respect to the
7274 modulus `X² - zeta`.
7275
7276 This function almost implements <strong>Algorithm 11</strong> of the
7277 NIST FIPS 203 standard, which is reproduced below:
7278
7279 ```plaintext
7280 Input: a₀, a₁, b₀, b₁ ∈ ℤq.
7281 Input: γ ∈ ℤq.
7282 Output: c₀, c₁ ∈ ℤq.
7283
7284 c₀ ← a₀·b₀ + a₁·b₁·γ
7285 c₁ ← a₀·b₁ + a₁·b₀
7286 return c₀, c₁
7287 ```
7288 We say "almost" because the coefficients output by this function are in
7289 the Montgomery domain (unlike in the specification).
7290
7291 The NIST FIPS 203 standard can be found at
7292 <https://csrc.nist.gov/pubs/fips/203/ipd>.
7293 */
7294 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(libcrux_ml_kem_vector_portable_vector_type_PortableVector * a,libcrux_ml_kem_vector_portable_vector_type_PortableVector * b,int16_t zeta,size_t i,size_t j,libcrux_ml_kem_vector_portable_vector_type_PortableVector * out)7295 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7296 libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
7297 libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
7298 size_t i, size_t j,
7299 libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
7300 int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
7301 (int32_t)a->elements[i] * (int32_t)b->elements[i] +
7302 (int32_t)
7303 libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
7304 (int32_t)a->elements[j] * (int32_t)b->elements[j]) *
7305 (int32_t)zeta);
7306 int16_t o1 =
7307 libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
7308 (int32_t)a->elements[i] * (int32_t)b->elements[j] +
7309 (int32_t)a->elements[j] * (int32_t)b->elements[i]);
7310 out->elements[i] = o0;
7311 out->elements[j] = o1;
7312 }
7313
7314 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_multiply(libcrux_ml_kem_vector_portable_vector_type_PortableVector * lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7315 libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
7316 libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
7317 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
7318 int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7319 libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
7320 libcrux_ml_kem_vector_portable_vector_type_zero();
7321 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7322 lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out);
7323 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7324 lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out);
7325 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7326 lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out);
7327 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7328 lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out);
7329 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7330 lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out);
7331 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7332 lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out);
7333 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7334 lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out);
7335 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7336 lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out);
7337 return out;
7338 }
7339
7340 /**
7341 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7342 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7343 */
7344 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_multiply_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector * lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7345 libcrux_ml_kem_vector_portable_ntt_multiply_0d(
7346 libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
7347 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
7348 int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7349 return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1,
7350 zeta2, zeta3);
7351 }
7352
7353 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[2U])7354 libcrux_ml_kem_vector_portable_serialize_serialize_1(
7355 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7356 uint8_t ret[2U]) {
7357 uint8_t result[2U] = {0U};
7358 for (size_t i = (size_t)0U; i < (size_t)8U; i++) {
7359 size_t i0 = i;
7360 size_t uu____0 = (size_t)0U;
7361 result[uu____0] = (uint32_t)result[uu____0] |
7362 (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;
7363 }
7364 for (size_t i = (size_t)8U; i < (size_t)16U; i++) {
7365 size_t i0 = i;
7366 size_t uu____1 = (size_t)1U;
7367 result[uu____1] =
7368 (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0]
7369 << (uint32_t)(i0 - (size_t)8U);
7370 }
7371 memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
7372 }
7373
7374 /**
7375 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7376 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7377 */
libcrux_ml_kem_vector_portable_serialize_1_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[2U])7378 static inline void libcrux_ml_kem_vector_portable_serialize_1_0d(
7379 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7380 uint8_t ret[2U]) {
7381 libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
7382 }
7383
7384 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v)7385 libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
7386 libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
7387 libcrux_ml_kem_vector_portable_vector_type_zero();
7388 for (size_t i = (size_t)0U; i < (size_t)8U; i++) {
7389 size_t i0 = i;
7390 result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index(
7391 v, (size_t)0U, uint8_t, uint8_t *) >>
7392 (uint32_t)i0 &
7393 1U);
7394 }
7395 for (size_t i = (size_t)8U;
7396 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
7397 size_t i0 = i;
7398 result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index(
7399 v, (size_t)1U, uint8_t, uint8_t *) >>
7400 (uint32_t)(i0 - (size_t)8U) &
7401 1U);
7402 }
7403 return result;
7404 }
7405
7406 /**
7407 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7408 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7409 */
7410 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a)7411 libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
7412 return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
7413 }
7414
7415 typedef struct uint8_t_x4_s {
7416 uint8_t fst;
7417 uint8_t snd;
7418 uint8_t thd;
7419 uint8_t f3;
7420 } uint8_t_x4;
7421
7422 static KRML_MUSTINLINE uint8_t_x4
libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v)7423 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) {
7424 uint8_t result0 =
7425 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *)
7426 << 4U |
7427 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t,
7428 int16_t *);
7429 uint8_t result1 =
7430 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *)
7431 << 4U |
7432 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t,
7433 int16_t *);
7434 uint8_t result2 =
7435 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *)
7436 << 4U |
7437 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t,
7438 int16_t *);
7439 uint8_t result3 =
7440 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *)
7441 << 4U |
7442 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t,
7443 int16_t *);
7444 return (CLITERAL(uint8_t_x4){
7445 .fst = result0, .snd = result1, .thd = result2, .f3 = result3});
7446 }
7447
7448 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_4(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[8U])7449 libcrux_ml_kem_vector_portable_serialize_serialize_4(
7450 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7451 uint8_t ret[8U]) {
7452 uint8_t_x4 result0_3 =
7453 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(
7454 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U,
7455 int16_t));
7456 uint8_t_x4 result4_7 =
7457 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(
7458 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U,
7459 int16_t));
7460 uint8_t result[8U] = {0U};
7461 result[0U] = result0_3.fst;
7462 result[1U] = result0_3.snd;
7463 result[2U] = result0_3.thd;
7464 result[3U] = result0_3.f3;
7465 result[4U] = result4_7.fst;
7466 result[5U] = result4_7.snd;
7467 result[6U] = result4_7.thd;
7468 result[7U] = result4_7.f3;
7469 memcpy(ret, result, (size_t)8U * sizeof(uint8_t));
7470 }
7471
7472 /**
7473 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7474 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7475 */
libcrux_ml_kem_vector_portable_serialize_4_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[8U])7476 static inline void libcrux_ml_kem_vector_portable_serialize_4_0d(
7477 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7478 uint8_t ret[8U]) {
7479 libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
7480 }
7481
7482 static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(Eurydice_slice bytes)7483 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
7484 Eurydice_slice bytes) {
7485 int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U,
7486 uint8_t, uint8_t *) &
7487 15U);
7488 int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U,
7489 uint8_t, uint8_t *) >>
7490 4U &
7491 15U);
7492 int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7493 uint8_t, uint8_t *) &
7494 15U);
7495 int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7496 uint8_t, uint8_t *) >>
7497 4U &
7498 15U);
7499 int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U,
7500 uint8_t, uint8_t *) &
7501 15U);
7502 int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U,
7503 uint8_t, uint8_t *) >>
7504 4U &
7505 15U);
7506 int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7507 uint8_t, uint8_t *) &
7508 15U);
7509 int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7510 uint8_t, uint8_t *) >>
7511 4U &
7512 15U);
7513 return (CLITERAL(int16_t_x8){.fst = v0,
7514 .snd = v1,
7515 .thd = v2,
7516 .f3 = v3,
7517 .f4 = v4,
7518 .f5 = v5,
7519 .f6 = v6,
7520 .f7 = v7});
7521 }
7522
7523 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes)7524 libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
7525 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
7526 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t));
7527 int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
7528 Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t));
7529 libcrux_ml_kem_vector_portable_vector_type_PortableVector v =
7530 libcrux_ml_kem_vector_portable_vector_type_zero();
7531 v.elements[0U] = v0_7.fst;
7532 v.elements[1U] = v0_7.snd;
7533 v.elements[2U] = v0_7.thd;
7534 v.elements[3U] = v0_7.f3;
7535 v.elements[4U] = v0_7.f4;
7536 v.elements[5U] = v0_7.f5;
7537 v.elements[6U] = v0_7.f6;
7538 v.elements[7U] = v0_7.f7;
7539 v.elements[8U] = v8_15.fst;
7540 v.elements[9U] = v8_15.snd;
7541 v.elements[10U] = v8_15.thd;
7542 v.elements[11U] = v8_15.f3;
7543 v.elements[12U] = v8_15.f4;
7544 v.elements[13U] = v8_15.f5;
7545 v.elements[14U] = v8_15.f6;
7546 v.elements[15U] = v8_15.f7;
7547 return v;
7548 }
7549
7550 /**
7551 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7552 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7553 */
7554 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a)7555 libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
7556 return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
7557 }
7558
7559 typedef struct uint8_t_x5_s {
7560 uint8_t fst;
7561 uint8_t snd;
7562 uint8_t thd;
7563 uint8_t f3;
7564 uint8_t f4;
7565 } uint8_t_x5;
7566
7567 static KRML_MUSTINLINE uint8_t_x5
libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v)7568 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) {
7569 uint8_t r0 =
7570 (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) |
7571 Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U);
7572 uint8_t r1 =
7573 (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U |
7574 Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *)
7575 << 2U) |
7576 Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U);
7577 uint8_t r2 =
7578 (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U |
7579 Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U);
7580 uint8_t r3 =
7581 (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U |
7582 Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *)
7583 << 1U) |
7584 Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U);
7585 uint8_t r4 =
7586 (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U |
7587 Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U);
7588 return (CLITERAL(uint8_t_x5){
7589 .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4});
7590 }
7591
7592 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_5(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[10U])7593 libcrux_ml_kem_vector_portable_serialize_serialize_5(
7594 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7595 uint8_t ret[10U]) {
7596 uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int(
7597 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t));
7598 uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int(
7599 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U,
7600 int16_t));
7601 uint8_t result[10U] = {0U};
7602 result[0U] = r0_4.fst;
7603 result[1U] = r0_4.snd;
7604 result[2U] = r0_4.thd;
7605 result[3U] = r0_4.f3;
7606 result[4U] = r0_4.f4;
7607 result[5U] = r5_9.fst;
7608 result[6U] = r5_9.snd;
7609 result[7U] = r5_9.thd;
7610 result[8U] = r5_9.f3;
7611 result[9U] = r5_9.f4;
7612 memcpy(ret, result, (size_t)10U * sizeof(uint8_t));
7613 }
7614
7615 /**
7616 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7617 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7618 */
libcrux_ml_kem_vector_portable_serialize_5_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[10U])7619 static inline void libcrux_ml_kem_vector_portable_serialize_5_0d(
7620 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7621 uint8_t ret[10U]) {
7622 libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
7623 }
7624
7625 static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(Eurydice_slice bytes)7626 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
7627 Eurydice_slice bytes) {
7628 int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U,
7629 uint8_t, uint8_t *) &
7630 31U);
7631 int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7632 uint8_t, uint8_t *) &
7633 3U) << 3U |
7634 (uint32_t)Eurydice_slice_index(bytes, (size_t)0U,
7635 uint8_t, uint8_t *) >>
7636 5U);
7637 int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7638 uint8_t, uint8_t *) >>
7639 2U &
7640 31U);
7641 int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U,
7642 uint8_t, uint8_t *) &
7643 15U)
7644 << 1U |
7645 (uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7646 uint8_t, uint8_t *) >>
7647 7U);
7648 int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7649 uint8_t, uint8_t *) &
7650 1U) << 4U |
7651 (uint32_t)Eurydice_slice_index(bytes, (size_t)2U,
7652 uint8_t, uint8_t *) >>
7653 4U);
7654 int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7655 uint8_t, uint8_t *) >>
7656 1U &
7657 31U);
7658 int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U,
7659 uint8_t, uint8_t *) &
7660 7U) << 2U |
7661 (uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7662 uint8_t, uint8_t *) >>
7663 6U);
7664 int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U,
7665 uint8_t, uint8_t *) >>
7666 3U);
7667 return (CLITERAL(int16_t_x8){.fst = v0,
7668 .snd = v1,
7669 .thd = v2,
7670 .f3 = v3,
7671 .f4 = v4,
7672 .f5 = v5,
7673 .f6 = v6,
7674 .f7 = v7});
7675 }
7676
7677 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes)7678 libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) {
7679 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
7680 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t));
7681 int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
7682 Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t));
7683 libcrux_ml_kem_vector_portable_vector_type_PortableVector v =
7684 libcrux_ml_kem_vector_portable_vector_type_zero();
7685 v.elements[0U] = v0_7.fst;
7686 v.elements[1U] = v0_7.snd;
7687 v.elements[2U] = v0_7.thd;
7688 v.elements[3U] = v0_7.f3;
7689 v.elements[4U] = v0_7.f4;
7690 v.elements[5U] = v0_7.f5;
7691 v.elements[6U] = v0_7.f6;
7692 v.elements[7U] = v0_7.f7;
7693 v.elements[8U] = v8_15.fst;
7694 v.elements[9U] = v8_15.snd;
7695 v.elements[10U] = v8_15.thd;
7696 v.elements[11U] = v8_15.f3;
7697 v.elements[12U] = v8_15.f4;
7698 v.elements[13U] = v8_15.f5;
7699 v.elements[14U] = v8_15.f6;
7700 v.elements[15U] = v8_15.f7;
7701 return v;
7702 }
7703
7704 /**
7705 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7706 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7707 */
7708 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a)7709 libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
7710 return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
7711 }
7712
7713 static KRML_MUSTINLINE uint8_t_x5
libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v)7714 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) {
7715 uint8_t r0 =
7716 (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) &
7717 (int16_t)255);
7718 uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t,
7719 int16_t *) &
7720 (int16_t)63)
7721 << 2U |
7722 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t,
7723 int16_t *) >>
7724 8U &
7725 (int16_t)3);
7726 uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t,
7727 int16_t *) &
7728 (int16_t)15)
7729 << 4U |
7730 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t,
7731 int16_t *) >>
7732 6U &
7733 (int16_t)15);
7734 uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t,
7735 int16_t *) &
7736 (int16_t)3)
7737 << 6U |
7738 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t,
7739 int16_t *) >>
7740 4U &
7741 (int16_t)63);
7742 uint8_t r4 =
7743 (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U &
7744 (int16_t)255);
7745 return (CLITERAL(uint8_t_x5){
7746 .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4});
7747 }
7748
7749 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_10(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[20U])7750 libcrux_ml_kem_vector_portable_serialize_serialize_10(
7751 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7752 uint8_t ret[20U]) {
7753 uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
7754 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t));
7755 uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
7756 Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t));
7757 uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
7758 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U,
7759 int16_t));
7760 uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
7761 Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U,
7762 int16_t));
7763 uint8_t result[20U] = {0U};
7764 result[0U] = r0_4.fst;
7765 result[1U] = r0_4.snd;
7766 result[2U] = r0_4.thd;
7767 result[3U] = r0_4.f3;
7768 result[4U] = r0_4.f4;
7769 result[5U] = r5_9.fst;
7770 result[6U] = r5_9.snd;
7771 result[7U] = r5_9.thd;
7772 result[8U] = r5_9.f3;
7773 result[9U] = r5_9.f4;
7774 result[10U] = r10_14.fst;
7775 result[11U] = r10_14.snd;
7776 result[12U] = r10_14.thd;
7777 result[13U] = r10_14.f3;
7778 result[14U] = r10_14.f4;
7779 result[15U] = r15_19.fst;
7780 result[16U] = r15_19.snd;
7781 result[17U] = r15_19.thd;
7782 result[18U] = r15_19.f3;
7783 result[19U] = r15_19.f4;
7784 memcpy(ret, result, (size_t)20U * sizeof(uint8_t));
7785 }
7786
7787 /**
7788 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7789 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7790 */
libcrux_ml_kem_vector_portable_serialize_10_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[20U])7791 static inline void libcrux_ml_kem_vector_portable_serialize_10_0d(
7792 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7793 uint8_t ret[20U]) {
7794 libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
7795 }
7796
7797 static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(Eurydice_slice bytes)7798 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
7799 Eurydice_slice bytes) {
7800 int16_t r0 =
7801 ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) &
7802 (int16_t)3)
7803 << 8U |
7804 ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) &
7805 (int16_t)255);
7806 int16_t r1 =
7807 ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) &
7808 (int16_t)15)
7809 << 6U |
7810 (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >>
7811 2U;
7812 int16_t r2 =
7813 ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) &
7814 (int16_t)63)
7815 << 4U |
7816 (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >>
7817 4U;
7818 int16_t r3 =
7819 (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *)
7820 << 2U |
7821 (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >>
7822 6U;
7823 int16_t r4 =
7824 ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) &
7825 (int16_t)3)
7826 << 8U |
7827 ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) &
7828 (int16_t)255);
7829 int16_t r5 =
7830 ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) &
7831 (int16_t)15)
7832 << 6U |
7833 (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >>
7834 2U;
7835 int16_t r6 =
7836 ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) &
7837 (int16_t)63)
7838 << 4U |
7839 (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >>
7840 4U;
7841 int16_t r7 =
7842 (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *)
7843 << 2U |
7844 (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >>
7845 6U;
7846 return (CLITERAL(int16_t_x8){.fst = r0,
7847 .snd = r1,
7848 .thd = r2,
7849 .f3 = r3,
7850 .f4 = r4,
7851 .f5 = r5,
7852 .f6 = r6,
7853 .f7 = r7});
7854 }
7855
7856 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes)7857 libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
7858 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
7859 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t));
7860 int16_t_x8 v8_15 =
7861 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
7862 Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t));
7863 libcrux_ml_kem_vector_portable_vector_type_PortableVector v =
7864 libcrux_ml_kem_vector_portable_vector_type_zero();
7865 v.elements[0U] = v0_7.fst;
7866 v.elements[1U] = v0_7.snd;
7867 v.elements[2U] = v0_7.thd;
7868 v.elements[3U] = v0_7.f3;
7869 v.elements[4U] = v0_7.f4;
7870 v.elements[5U] = v0_7.f5;
7871 v.elements[6U] = v0_7.f6;
7872 v.elements[7U] = v0_7.f7;
7873 v.elements[8U] = v8_15.fst;
7874 v.elements[9U] = v8_15.snd;
7875 v.elements[10U] = v8_15.thd;
7876 v.elements[11U] = v8_15.f3;
7877 v.elements[12U] = v8_15.f4;
7878 v.elements[13U] = v8_15.f5;
7879 v.elements[14U] = v8_15.f6;
7880 v.elements[15U] = v8_15.f7;
7881 return v;
7882 }
7883
7884 /**
7885 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7886 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7887 */
7888 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a)7889 libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
7890 return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
7891 }
7892
7893 typedef struct uint8_t_x3_s {
7894 uint8_t fst;
7895 uint8_t snd;
7896 uint8_t thd;
7897 } uint8_t_x3;
7898
7899 static KRML_MUSTINLINE uint8_t_x3
libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v)7900 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) {
7901 uint8_t r0 =
7902 (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) &
7903 (int16_t)255);
7904 uint8_t r1 =
7905 (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U |
7906 (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) &
7907 (int16_t)15)
7908 << 4U);
7909 uint8_t r2 =
7910 (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U &
7911 (int16_t)255);
7912 return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2});
7913 }
7914
7915 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_12(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[24U])7916 libcrux_ml_kem_vector_portable_serialize_serialize_12(
7917 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7918 uint8_t ret[24U]) {
7919 uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7920 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t));
7921 uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7922 Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t));
7923 uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7924 Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t));
7925 uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7926 Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t));
7927 uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7928 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U,
7929 int16_t));
7930 uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7931 Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U,
7932 int16_t));
7933 uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7934 Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U,
7935 int16_t));
7936 uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7937 Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U,
7938 int16_t));
7939 uint8_t result[24U] = {0U};
7940 result[0U] = r0_2.fst;
7941 result[1U] = r0_2.snd;
7942 result[2U] = r0_2.thd;
7943 result[3U] = r3_5.fst;
7944 result[4U] = r3_5.snd;
7945 result[5U] = r3_5.thd;
7946 result[6U] = r6_8.fst;
7947 result[7U] = r6_8.snd;
7948 result[8U] = r6_8.thd;
7949 result[9U] = r9_11.fst;
7950 result[10U] = r9_11.snd;
7951 result[11U] = r9_11.thd;
7952 result[12U] = r12_14.fst;
7953 result[13U] = r12_14.snd;
7954 result[14U] = r12_14.thd;
7955 result[15U] = r15_17.fst;
7956 result[16U] = r15_17.snd;
7957 result[17U] = r15_17.thd;
7958 result[18U] = r18_20.fst;
7959 result[19U] = r18_20.snd;
7960 result[20U] = r18_20.thd;
7961 result[21U] = r21_23.fst;
7962 result[22U] = r21_23.snd;
7963 result[23U] = r21_23.thd;
7964 memcpy(ret, result, (size_t)24U * sizeof(uint8_t));
7965 }
7966
7967 /**
7968 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7969 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7970 */
libcrux_ml_kem_vector_portable_serialize_12_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[24U])7971 static inline void libcrux_ml_kem_vector_portable_serialize_12_0d(
7972 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7973 uint8_t ret[24U]) {
7974 libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
7975 }
7976
7977 typedef struct int16_t_x2_s {
7978 int16_t fst;
7979 int16_t snd;
7980 } int16_t_x2;
7981
7982 static KRML_MUSTINLINE int16_t_x2
libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(Eurydice_slice bytes)7983 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
7984 Eurydice_slice bytes) {
7985 int16_t byte0 =
7986 (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
7987 int16_t byte1 =
7988 (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *);
7989 int16_t byte2 =
7990 (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *);
7991 int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255);
7992 int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15);
7993 return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1});
7994 }
7995
7996 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes)7997 libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
7998 int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
7999 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t));
8000 int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8001 Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t));
8002 int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8003 Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t));
8004 int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8005 Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t));
8006 int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8007 Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t));
8008 int16_t_x2 v10_11 =
8009 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8010 Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t));
8011 int16_t_x2 v12_13 =
8012 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8013 Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t));
8014 int16_t_x2 v14_15 =
8015 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8016 Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t));
8017 libcrux_ml_kem_vector_portable_vector_type_PortableVector re =
8018 libcrux_ml_kem_vector_portable_vector_type_zero();
8019 re.elements[0U] = v0_1.fst;
8020 re.elements[1U] = v0_1.snd;
8021 re.elements[2U] = v2_3.fst;
8022 re.elements[3U] = v2_3.snd;
8023 re.elements[4U] = v4_5.fst;
8024 re.elements[5U] = v4_5.snd;
8025 re.elements[6U] = v6_7.fst;
8026 re.elements[7U] = v6_7.snd;
8027 re.elements[8U] = v8_9.fst;
8028 re.elements[9U] = v8_9.snd;
8029 re.elements[10U] = v10_11.fst;
8030 re.elements[11U] = v10_11.snd;
8031 re.elements[12U] = v12_13.fst;
8032 re.elements[13U] = v12_13.snd;
8033 re.elements[14U] = v14_15.fst;
8034 re.elements[15U] = v14_15.snd;
8035 return re;
8036 }
8037
8038 /**
8039 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8040 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8041 */
8042 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a)8043 libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
8044 return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
8045 }
8046
8047 static KRML_MUSTINLINE size_t
libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a,Eurydice_slice result)8048 libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a,
8049 Eurydice_slice result) {
8050 size_t sampled = (size_t)0U;
8051 for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U;
8052 i++) {
8053 size_t i0 = i;
8054 int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U,
8055 uint8_t, uint8_t *);
8056 int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U,
8057 uint8_t, uint8_t *);
8058 int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U,
8059 uint8_t, uint8_t *);
8060 int16_t d1 = (b2 & (int16_t)15) << 8U | b1;
8061 int16_t d2 = b3 << 4U | b2 >> 4U;
8062 bool uu____0;
8063 int16_t uu____1;
8064 bool uu____2;
8065 size_t uu____3;
8066 int16_t uu____4;
8067 size_t uu____5;
8068 int16_t uu____6;
8069 if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) {
8070 if (sampled < (size_t)16U) {
8071 Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1;
8072 sampled++;
8073 uu____1 = d2;
8074 uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8075 uu____0 = uu____1 < uu____6;
8076 if (uu____0) {
8077 uu____3 = sampled;
8078 uu____2 = uu____3 < (size_t)16U;
8079 if (uu____2) {
8080 uu____4 = d2;
8081 uu____5 = sampled;
8082 Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4;
8083 sampled++;
8084 continue;
8085 }
8086 }
8087 continue;
8088 }
8089 }
8090 uu____1 = d2;
8091 uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8092 uu____0 = uu____1 < uu____6;
8093 if (uu____0) {
8094 uu____3 = sampled;
8095 uu____2 = uu____3 < (size_t)16U;
8096 if (uu____2) {
8097 uu____4 = d2;
8098 uu____5 = sampled;
8099 Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4;
8100 sampled++;
8101 continue;
8102 }
8103 }
8104 }
8105 return sampled;
8106 }
8107
8108 /**
8109 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8110 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8111 */
libcrux_ml_kem_vector_portable_rej_sample_0d(Eurydice_slice a,Eurydice_slice out)8112 static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d(
8113 Eurydice_slice a, Eurydice_slice out) {
8114 return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out);
8115 }
8116
8117 #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U)
8118
8119 #define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \
8120 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
8121 LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U)
8122
8123 #define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U)
8124
8125 #define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \
8126 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768)
8127
8128 #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U)
8129
8130 #define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \
8131 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
8132 LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U)
8133
8134 #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \
8135 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768)
8136
8137 #define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \
8138 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \
8139 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
8140 LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)
8141
8142 #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \
8143 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U)
8144
8145 #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \
8146 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \
8147 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
8148 LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)
8149
8150 #define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U)
8151
8152 #define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \
8153 (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U)
8154
8155 #define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U)
8156
8157 #define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \
8158 (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U)
8159
8160 #define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \
8161 (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \
8162 LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768)
8163
8164 typedef libcrux_ml_kem_types_MlKemPrivateKey_55
8165 libcrux_ml_kem_mlkem768_MlKem768PrivateKey;
8166
8167 typedef libcrux_ml_kem_types_MlKemPublicKey_15
8168 libcrux_ml_kem_mlkem768_MlKem768PublicKey;
8169
8170 #define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \
8171 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \
8172 LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)
8173
8174 #define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \
8175 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \
8176 LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \
8177 LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \
8178 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
8179
8180 /**
8181 A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
8182 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8183
8184 */
8185 typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s {
8186 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
8187 } libcrux_ml_kem_polynomial_PolynomialRingElement_f0;
8188
8189 /**
8190 This function found in impl
8191 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
8192 */
8193 /**
8194 A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89
8195 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8196 with const generics
8197
8198 */
8199 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_ZERO_89_ea(void)8200 libcrux_ml_kem_polynomial_ZERO_89_ea(void) {
8201 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit;
8202 lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8203 lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8204 lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8205 lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8206 lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8207 lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8208 lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8209 lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8210 lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8211 lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8212 lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8213 lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8214 lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8215 lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8216 lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8217 lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8218 return lit;
8219 }
8220
8221 /**
8222 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure
8223 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8224 with const generics
8225 - K= 3
8226 */
8227 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_6b(size_t _)8228 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_6b(size_t _) {
8229 return libcrux_ml_kem_polynomial_ZERO_89_ea();
8230 }
8231
8232 /**
8233 A monomorphic instance of
8234 libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types
8235 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8236
8237 */
8238 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af(Eurydice_slice serialized)8239 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af(
8240 Eurydice_slice serialized) {
8241 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8242 libcrux_ml_kem_polynomial_ZERO_89_ea();
8243 for (size_t i = (size_t)0U;
8244 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
8245 size_t i0 = i;
8246 Eurydice_slice bytes = Eurydice_slice_subslice2(
8247 serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
8248 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8249 libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes);
8250 re.coefficients[i0] = uu____0;
8251 }
8252 return re;
8253 }
8254
8255 /**
8256 Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
8257 */
8258 /**
8259 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
8260 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8261 with const generics
8262 - K= 3
8263 */
libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(Eurydice_slice secret_key,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])8264 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(
8265 Eurydice_slice secret_key,
8266 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
8267 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
8268 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
8269 secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
8270 }
8271 for (size_t i = (size_t)0U;
8272 i < Eurydice_slice_len(secret_key, uint8_t) /
8273 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
8274 i++) {
8275 size_t i0 = i;
8276 Eurydice_slice secret_bytes = Eurydice_slice_subslice2(
8277 secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
8278 i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
8279 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
8280 uint8_t);
8281 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
8282 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af(
8283 secret_bytes);
8284 secret_as_ntt[i0] = uu____0;
8285 }
8286 memcpy(
8287 ret, secret_as_ntt,
8288 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
8289 }
8290
8291 /**
8292 A monomorphic instance of
8293 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
8294 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8295 - $3size_t
8296 */
8297 typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s {
8298 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
8299 } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8;
8300
8301 /**
8302 A monomorphic instance of
8303 libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types
8304 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8305 - K= 3
8306 - CIPHERTEXT_SIZE= 1088
8307 - U_COMPRESSION_FACTOR= 10
8308 */
8309 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_7c(size_t _)8310 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_7c(size_t _) {
8311 return libcrux_ml_kem_polynomial_ZERO_89_ea();
8312 }
8313
8314 /**
8315 A monomorphic instance of
8316 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
8317 const generics
8318 - COEFFICIENT_BITS= 10
8319 */
8320 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8321 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b(
8322 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8323 for (size_t i = (size_t)0U;
8324 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
8325 size_t i0 = i;
8326 int32_t decompressed = (int32_t)v.elements[i0] *
8327 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8328 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
8329 decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
8330 v.elements[i0] = (int16_t)decompressed;
8331 }
8332 return v;
8333 }
8334
8335 /**
8336 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8337 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8338 */
8339 /**
8340 A monomorphic instance of
8341 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
8342 generics
8343 - COEFFICIENT_BITS= 10
8344 */
8345 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8346 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a(
8347 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8348 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b(
8349 v);
8350 }
8351
8352 /**
8353 A monomorphic instance of
8354 libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types
8355 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8356
8357 */
8358 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(Eurydice_slice serialized)8359 libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(
8360 Eurydice_slice serialized) {
8361 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8362 libcrux_ml_kem_polynomial_ZERO_89_ea();
8363 for (size_t i = (size_t)0U;
8364 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
8365 size_t i0 = i;
8366 Eurydice_slice bytes = Eurydice_slice_subslice2(
8367 serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
8368 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
8369 libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
8370 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8371 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a(
8372 coefficient);
8373 re.coefficients[i0] = uu____0;
8374 }
8375 return re;
8376 }
8377
8378 /**
8379 A monomorphic instance of
8380 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
8381 const generics
8382 - COEFFICIENT_BITS= 11
8383 */
8384 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8385 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0(
8386 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8387 for (size_t i = (size_t)0U;
8388 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
8389 size_t i0 = i;
8390 int32_t decompressed = (int32_t)v.elements[i0] *
8391 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8392 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11);
8393 decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1);
8394 v.elements[i0] = (int16_t)decompressed;
8395 }
8396 return v;
8397 }
8398
8399 /**
8400 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8401 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8402 */
8403 /**
8404 A monomorphic instance of
8405 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
8406 generics
8407 - COEFFICIENT_BITS= 11
8408 */
8409 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8410 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0(
8411 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8412 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0(
8413 v);
8414 }
8415
8416 /**
8417 A monomorphic instance of
8418 libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types
8419 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8420
8421 */
8422 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d(Eurydice_slice serialized)8423 libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d(
8424 Eurydice_slice serialized) {
8425 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8426 libcrux_ml_kem_polynomial_ZERO_89_ea();
8427 for (size_t i = (size_t)0U;
8428 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
8429 size_t i0 = i;
8430 Eurydice_slice bytes = Eurydice_slice_subslice2(
8431 serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
8432 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
8433 libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
8434 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8435 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0(
8436 coefficient);
8437 re.coefficients[i0] = uu____0;
8438 }
8439 return re;
8440 }
8441
8442 /**
8443 A monomorphic instance of
8444 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
8445 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8446 - COMPRESSION_FACTOR= 10
8447 */
8448 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34(Eurydice_slice serialized)8449 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34(
8450 Eurydice_slice serialized) {
8451 return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(serialized);
8452 }
8453
8454 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
8455 libcrux_ml_kem_vector_portable_vector_type_PortableVector fst;
8456 libcrux_ml_kem_vector_portable_vector_type_PortableVector snd;
8457 } libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2;
8458
8459 /**
8460 A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe
8461 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8462 with const generics
8463
8464 */
8465 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t fer)8466 libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(
8467 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
8468 return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
8469 fer);
8470 }
8471
8472 /**
8473 A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step
8474 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8475 with const generics
8476
8477 */
8478 static KRML_MUSTINLINE
8479 libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,libcrux_ml_kem_vector_portable_vector_type_PortableVector b,int16_t zeta_r)8480 libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c(
8481 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
8482 libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
8483 int16_t zeta_r) {
8484 libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
8485 libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(b, zeta_r);
8486 b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
8487 a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
8488 return (
8489 CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
8490 .fst = a, .snd = b});
8491 }
8492
8493 /**
8494 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus
8495 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8496 with const generics
8497
8498 */
libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t layer,size_t _initial_coefficient_bound)8499 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(
8500 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8501 size_t layer, size_t _initial_coefficient_bound) {
8502 size_t step = (size_t)1U << (uint32_t)layer;
8503 for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
8504 size_t round = i0;
8505 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8506 size_t offset = round * step * (size_t)2U;
8507 size_t offset_vec = offset / (size_t)16U;
8508 size_t step_vec = step / (size_t)16U;
8509 for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
8510 size_t j = i;
8511 libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
8512 libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c(
8513 re->coefficients[j], re->coefficients[j + step_vec],
8514 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
8515 libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
8516 libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
8517 re->coefficients[j] = x;
8518 re->coefficients[j + step_vec] = y;
8519 }
8520 }
8521 }
8522
8523 /**
8524 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3
8525 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8526 with const generics
8527
8528 */
libcrux_ml_kem_ntt_ntt_at_layer_3_fd(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer,size_t _initial_coefficient_bound)8529 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_fd(
8530 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8531 size_t _layer, size_t _initial_coefficient_bound) {
8532 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8533 size_t round = i;
8534 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8535 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8536 libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
8537 re->coefficients[round],
8538 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
8539 re->coefficients[round] = uu____0;
8540 }
8541 }
8542
8543 /**
8544 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2
8545 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8546 with const generics
8547
8548 */
libcrux_ml_kem_ntt_ntt_at_layer_2_ad(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer,size_t _initial_coefficient_bound)8549 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ad(
8550 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8551 size_t _layer, size_t _initial_coefficient_bound) {
8552 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8553 size_t round = i;
8554 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8555 re->coefficients[round] =
8556 libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
8557 re->coefficients[round],
8558 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
8559 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
8560 (size_t)1U]);
8561 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8562 }
8563 }
8564
8565 /**
8566 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1
8567 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8568 with const generics
8569
8570 */
libcrux_ml_kem_ntt_ntt_at_layer_1_a2(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer,size_t _initial_coefficient_bound)8571 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_a2(
8572 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8573 size_t _layer, size_t _initial_coefficient_bound) {
8574 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8575 size_t round = i;
8576 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8577 re->coefficients[round] =
8578 libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
8579 re->coefficients[round],
8580 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
8581 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
8582 (size_t)1U],
8583 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
8584 (size_t)2U],
8585 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
8586 (size_t)3U]);
8587 zeta_i[0U] = zeta_i[0U] + (size_t)3U;
8588 }
8589 }
8590
8591 /**
8592 This function found in impl
8593 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
8594 */
8595 /**
8596 A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89
8597 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8598 with const generics
8599
8600 */
libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self)8601 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(
8602 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
8603 for (size_t i = (size_t)0U;
8604 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
8605 size_t i0 = i;
8606 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8607 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
8608 self->coefficients[i0]);
8609 self->coefficients[i0] = uu____0;
8610 }
8611 }
8612
8613 /**
8614 A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u
8615 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8616 with const generics
8617 - VECTOR_U_COMPRESSION_FACTOR= 10
8618 */
libcrux_ml_kem_ntt_ntt_vector_u_9f(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re)8619 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9f(
8620 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
8621 size_t zeta_i = (size_t)0U;
8622 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U,
8623 (size_t)3328U);
8624 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U,
8625 (size_t)3328U);
8626 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U,
8627 (size_t)3328U);
8628 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U,
8629 (size_t)3328U);
8630 libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3328U);
8631 libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3328U);
8632 libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3328U);
8633 libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re);
8634 }
8635
8636 /**
8637 Call [`deserialize_then_decompress_ring_element_u`] on each ring element
8638 in the `ciphertext`.
8639 */
8640 /**
8641 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
8642 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8643 with const generics
8644 - K= 3
8645 - CIPHERTEXT_SIZE= 1088
8646 - U_COMPRESSION_FACTOR= 10
8647 */
8648 static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(uint8_t * ciphertext,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])8649 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(
8650 uint8_t *ciphertext,
8651 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
8652 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
8653 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
8654 u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
8655 }
8656 for (size_t i = (size_t)0U;
8657 i < Eurydice_slice_len(
8658 Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t),
8659 uint8_t) /
8660 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
8661 (size_t)10U / (size_t)8U);
8662 i++) {
8663 size_t i0 = i;
8664 Eurydice_slice u_bytes = Eurydice_array_to_subslice2(
8665 ciphertext,
8666 i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
8667 (size_t)10U / (size_t)8U),
8668 i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
8669 (size_t)10U / (size_t)8U) +
8670 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
8671 (size_t)10U / (size_t)8U,
8672 uint8_t);
8673 u_as_ntt[i0] =
8674 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34(
8675 u_bytes);
8676 libcrux_ml_kem_ntt_ntt_vector_u_9f(&u_as_ntt[i0]);
8677 }
8678 memcpy(
8679 ret, u_as_ntt,
8680 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
8681 }
8682
8683 /**
8684 A monomorphic instance of
8685 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
8686 const generics
8687 - COEFFICIENT_BITS= 4
8688 */
8689 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8690 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1(
8691 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8692 for (size_t i = (size_t)0U;
8693 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
8694 size_t i0 = i;
8695 int32_t decompressed = (int32_t)v.elements[i0] *
8696 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8697 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4);
8698 decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1);
8699 v.elements[i0] = (int16_t)decompressed;
8700 }
8701 return v;
8702 }
8703
8704 /**
8705 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8706 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8707 */
8708 /**
8709 A monomorphic instance of
8710 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
8711 generics
8712 - COEFFICIENT_BITS= 4
8713 */
8714 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8715 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1(
8716 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8717 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1(
8718 v);
8719 }
8720
8721 /**
8722 A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4
8723 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8724 with const generics
8725
8726 */
8727 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(Eurydice_slice serialized)8728 libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(
8729 Eurydice_slice serialized) {
8730 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8731 libcrux_ml_kem_polynomial_ZERO_89_ea();
8732 for (size_t i = (size_t)0U;
8733 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
8734 size_t i0 = i;
8735 Eurydice_slice bytes = Eurydice_slice_subslice2(
8736 serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
8737 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
8738 libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
8739 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8740 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1(
8741 coefficient);
8742 re.coefficients[i0] = uu____0;
8743 }
8744 return re;
8745 }
8746
8747 /**
8748 A monomorphic instance of
8749 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
8750 const generics
8751 - COEFFICIENT_BITS= 5
8752 */
8753 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8754 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2(
8755 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8756 for (size_t i = (size_t)0U;
8757 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
8758 size_t i0 = i;
8759 int32_t decompressed = (int32_t)v.elements[i0] *
8760 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8761 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5);
8762 decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1);
8763 v.elements[i0] = (int16_t)decompressed;
8764 }
8765 return v;
8766 }
8767
8768 /**
8769 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8770 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8771 */
8772 /**
8773 A monomorphic instance of
8774 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
8775 generics
8776 - COEFFICIENT_BITS= 5
8777 */
8778 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8779 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2(
8780 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8781 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2(
8782 v);
8783 }
8784
8785 /**
8786 A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5
8787 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8788 with const generics
8789
8790 */
8791 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e(Eurydice_slice serialized)8792 libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e(
8793 Eurydice_slice serialized) {
8794 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8795 libcrux_ml_kem_polynomial_ZERO_89_ea();
8796 for (size_t i = (size_t)0U;
8797 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
8798 size_t i0 = i;
8799 Eurydice_slice bytes = Eurydice_slice_subslice2(
8800 serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
8801 re.coefficients[i0] =
8802 libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
8803 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
8804 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2(
8805 re.coefficients[i0]);
8806 re.coefficients[i0] = uu____1;
8807 }
8808 return re;
8809 }
8810
8811 /**
8812 A monomorphic instance of
8813 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
8814 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8815 - COMPRESSION_FACTOR= 4
8816 */
8817 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56(Eurydice_slice serialized)8818 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56(
8819 Eurydice_slice serialized) {
8820 return libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(serialized);
8821 }
8822
8823 /**
8824 Given two `KyberPolynomialRingElement`s in their NTT representations,
8825 compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
8826 the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
8827
8828 ```plaintext
8829 ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X²
8830 - ζ^(2·BitRev₇(i) + 1))
8831 ```
8832
8833 This function almost implements <strong>Algorithm 10</strong> of the
8834 NIST FIPS 203 standard, which is reproduced below:
8835
8836 ```plaintext
8837 Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
8838 Output: An array ĥ ∈ ℤq.
8839
8840 for(i ← 0; i < 128; i++)
8841 (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1],
8842 ζ^(2·BitRev₇(i) + 1)) end for return ĥ
8843 ```
8844 We say "almost" because the coefficients of the ring element output by
8845 this function are in the Montgomery domain.
8846
8847 The NIST FIPS 203 standard can be found at
8848 <https://csrc.nist.gov/pubs/fips/203/ipd>.
8849 */
8850 /**
8851 This function found in impl
8852 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
8853 */
8854 /**
8855 A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89
8856 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8857 with const generics
8858
8859 */
8860 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_ntt_multiply_89_2a(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * rhs)8861 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(
8862 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
8863 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
8864 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out =
8865 libcrux_ml_kem_polynomial_ZERO_89_ea();
8866 for (size_t i = (size_t)0U;
8867 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
8868 size_t i0 = i;
8869 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8870 libcrux_ml_kem_vector_portable_ntt_multiply_0d(
8871 &self->coefficients[i0], &rhs->coefficients[i0],
8872 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U +
8873 (size_t)4U * i0],
8874 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U +
8875 (size_t)4U * i0 +
8876 (size_t)1U],
8877 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U +
8878 (size_t)4U * i0 +
8879 (size_t)2U],
8880 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U +
8881 (size_t)4U * i0 +
8882 (size_t)3U]);
8883 out.coefficients[i0] = uu____0;
8884 }
8885 return out;
8886 }
8887
8888 /**
8889 Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
8890 sum of their constituent coefficients.
8891 */
8892 /**
8893 This function found in impl
8894 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
8895 */
8896 /**
8897 A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89
8898 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8899 with const generics
8900 - K= 3
8901 */
libcrux_ml_kem_polynomial_add_to_ring_element_89_84(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * rhs)8902 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_84(
8903 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
8904 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
8905 for (size_t i = (size_t)0U;
8906 i < Eurydice_slice_len(
8907 Eurydice_array_to_slice(
8908 (size_t)16U, self->coefficients,
8909 libcrux_ml_kem_vector_portable_vector_type_PortableVector),
8910 libcrux_ml_kem_vector_portable_vector_type_PortableVector);
8911 i++) {
8912 size_t i0 = i;
8913 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8914 libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
8915 &rhs->coefficients[i0]);
8916 self->coefficients[i0] = uu____0;
8917 }
8918 }
8919
8920 /**
8921 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1
8922 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8923 with const generics
8924
8925 */
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer)8926 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(
8927 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8928 size_t _layer) {
8929 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8930 size_t round = i;
8931 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
8932 re->coefficients[round] =
8933 libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
8934 re->coefficients[round],
8935 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
8936 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] -
8937 (size_t)1U],
8938 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] -
8939 (size_t)2U],
8940 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] -
8941 (size_t)3U]);
8942 zeta_i[0U] = zeta_i[0U] - (size_t)3U;
8943 }
8944 }
8945
8946 /**
8947 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2
8948 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8949 with const generics
8950
8951 */
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer)8952 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(
8953 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8954 size_t _layer) {
8955 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8956 size_t round = i;
8957 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
8958 re->coefficients[round] =
8959 libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
8960 re->coefficients[round],
8961 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
8962 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] -
8963 (size_t)1U]);
8964 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
8965 }
8966 }
8967
8968 /**
8969 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3
8970 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8971 with const generics
8972
8973 */
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer)8974 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(
8975 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8976 size_t _layer) {
8977 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8978 size_t round = i;
8979 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
8980 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8981 libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
8982 re->coefficients[round],
8983 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
8984 re->coefficients[round] = uu____0;
8985 }
8986 }
8987
8988 /**
8989 A monomorphic instance of
8990 libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types
8991 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8992
8993 */
8994 static KRML_MUSTINLINE
8995 libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,libcrux_ml_kem_vector_portable_vector_type_PortableVector b,int16_t zeta_r)8996 libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65(
8997 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
8998 libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
8999 int16_t zeta_r) {
9000 libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b =
9001 libcrux_ml_kem_vector_portable_sub_0d(b, &a);
9002 a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
9003 libcrux_ml_kem_vector_portable_add_0d(a, &b));
9004 b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(a_minus_b, zeta_r);
9005 return (
9006 CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
9007 .fst = a, .snd = b});
9008 }
9009
9010 /**
9011 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus
9012 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9013 with const generics
9014
9015 */
9016 static KRML_MUSTINLINE void
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t layer)9017 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(
9018 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
9019 size_t layer) {
9020 size_t step = (size_t)1U << (uint32_t)layer;
9021 for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
9022 size_t round = i0;
9023 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
9024 size_t offset = round * step * (size_t)2U;
9025 size_t offset_vec =
9026 offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR;
9027 size_t step_vec =
9028 step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR;
9029 for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
9030 size_t j = i;
9031 libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
9032 libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65(
9033 re->coefficients[j], re->coefficients[j + step_vec],
9034 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
9035 libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
9036 libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
9037 re->coefficients[j] = x;
9038 re->coefficients[j + step_vec] = y;
9039 }
9040 }
9041 }
9042
9043 /**
9044 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery
9045 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9046 with const generics
9047 - K= 3
9048 */
libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re)9049 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(
9050 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
9051 size_t zeta_i =
9052 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
9053 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U);
9054 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(&zeta_i, re, (size_t)2U);
9055 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(&zeta_i, re, (size_t)3U);
9056 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re,
9057 (size_t)4U);
9058 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re,
9059 (size_t)5U);
9060 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re,
9061 (size_t)6U);
9062 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re,
9063 (size_t)7U);
9064 libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re);
9065 }
9066
9067 /**
9068 This function found in impl
9069 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
9070 */
9071 /**
9072 A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89
9073 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9074 with const generics
9075
9076 */
9077 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_subtract_reduce_89_d4(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b)9078 libcrux_ml_kem_polynomial_subtract_reduce_89_d4(
9079 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
9080 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
9081 for (size_t i = (size_t)0U;
9082 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
9083 size_t i0 = i;
9084 libcrux_ml_kem_vector_portable_vector_type_PortableVector
9085 coefficient_normal_form =
9086 libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
9087 b.coefficients[i0], (int16_t)1441);
9088 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
9089 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
9090 libcrux_ml_kem_vector_portable_sub_0d(self->coefficients[i0],
9091 &coefficient_normal_form));
9092 b.coefficients[i0] = uu____0;
9093 }
9094 return b;
9095 }
9096
9097 /**
9098 The following functions compute various expressions involving
9099 vectors and matrices. The computation of these expressions has been
9100 abstracted away into these functions in order to save on loop iterations.
9101 Compute v − InverseNTT(sᵀ ◦ NTT(u))
9102 */
9103 /**
9104 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
9105 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9106 with const generics
9107 - K= 3
9108 */
9109 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_compute_message_b3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * v,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * secret_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * u_as_ntt)9110 libcrux_ml_kem_matrix_compute_message_b3(
9111 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
9112 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
9113 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
9114 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
9115 libcrux_ml_kem_polynomial_ZERO_89_ea();
9116 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9117 size_t i0 = i;
9118 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
9119 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&secret_as_ntt[i0],
9120 &u_as_ntt[i0]);
9121 libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product);
9122 }
9123 libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result);
9124 result = libcrux_ml_kem_polynomial_subtract_reduce_89_d4(v, result);
9125 return result;
9126 }
9127
9128 /**
9129 A monomorphic instance of libcrux_ml_kem.vector.portable.arithmetic.shift_right
9130 with const generics
9131 - SHIFT_BY= 15
9132 */
9133 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)9134 libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(
9135 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
9136 for (size_t i = (size_t)0U;
9137 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
9138 size_t i0 = i;
9139 v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15;
9140 }
9141 return v;
9142 }
9143
9144 /**
9145 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
9146 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
9147 */
9148 /**
9149 A monomorphic instance of libcrux_ml_kem.vector.portable.shift_right_0d
9150 with const generics
9151 - SHIFT_BY= 15
9152 */
9153 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_shift_right_0d_19(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)9154 libcrux_ml_kem_vector_portable_shift_right_0d_19(
9155 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
9156 return libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(v);
9157 }
9158
9159 /**
9160 A monomorphic instance of
9161 libcrux_ml_kem.vector.traits.to_unsigned_representative with types
9162 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9163
9164 */
9165 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_traits_to_unsigned_representative_db(libcrux_ml_kem_vector_portable_vector_type_PortableVector a)9166 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
9167 libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
9168 libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
9169 libcrux_ml_kem_vector_portable_shift_right_0d_19(a);
9170 libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
9171 libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
9172 t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
9173 return libcrux_ml_kem_vector_portable_add_0d(a, &fm);
9174 }
9175
9176 /**
9177 A monomorphic instance of
9178 libcrux_ml_kem.serialize.compress_then_serialize_message with types
9179 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9180
9181 */
9182 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_message_aa(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,uint8_t ret[32U])9183 libcrux_ml_kem_serialize_compress_then_serialize_message_aa(
9184 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
9185 uint8_t serialized[32U] = {0U};
9186 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
9187 size_t i0 = i;
9188 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
9189 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
9190 re.coefficients[i0]);
9191 libcrux_ml_kem_vector_portable_vector_type_PortableVector
9192 coefficient_compressed =
9193 libcrux_ml_kem_vector_portable_compress_1_0d(coefficient);
9194 uint8_t bytes[2U];
9195 libcrux_ml_kem_vector_portable_serialize_1_0d(coefficient_compressed,
9196 bytes);
9197 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
9198 serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t);
9199 Eurydice_slice_copy(
9200 uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t);
9201 }
9202 memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t));
9203 }
9204
9205 /**
9206 This function implements <strong>Algorithm 14</strong> of the
9207 NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
9208
9209 Algorithm 14 is reproduced below:
9210
9211 ```plaintext
9212 Input: decryption key dkₚₖₑ ∈ ��^{384k}.
9213 Input: ciphertext c ∈ ��^{32(dᵤk + dᵥ)}.
9214 Output: message m ∈ ��^{32}.
9215
9216 c₁ ← c[0 : 32dᵤk]
9217 c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
9218 u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
9219 v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
9220 ŝ ← ByteDecode₁₂(dkₚₖₑ)
9221 w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
9222 m ← ByteEncode₁(Compress₁(w))
9223 return m
9224 ```
9225
9226 The NIST FIPS 203 standard can be found at
9227 <https://csrc.nist.gov/pubs/fips/203/ipd>.
9228 */
9229 /**
9230 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
9231 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9232 with const generics
9233 - K= 3
9234 - CIPHERTEXT_SIZE= 1088
9235 - VECTOR_U_ENCODED_SIZE= 960
9236 - U_COMPRESSION_FACTOR= 10
9237 - V_COMPRESSION_FACTOR= 4
9238 */
libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 * secret_key,uint8_t * ciphertext,uint8_t ret[32U])9239 static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(
9240 libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key,
9241 uint8_t *ciphertext, uint8_t ret[32U]) {
9242 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
9243 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(ciphertext, u_as_ntt);
9244 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
9245 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56(
9246 Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
9247 (size_t)960U, uint8_t, size_t));
9248 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
9249 libcrux_ml_kem_matrix_compute_message_b3(&v, secret_key->secret_as_ntt,
9250 u_as_ntt);
9251 uint8_t ret0[32U];
9252 libcrux_ml_kem_serialize_compress_then_serialize_message_aa(message, ret0);
9253 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
9254 }
9255
9256 /**
9257 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt
9258 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9259 with const generics
9260 - K= 3
9261 - CIPHERTEXT_SIZE= 1088
9262 - VECTOR_U_ENCODED_SIZE= 960
9263 - U_COMPRESSION_FACTOR= 10
9264 - V_COMPRESSION_FACTOR= 4
9265 */
libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key,uint8_t * ciphertext,uint8_t ret[32U])9266 static inline void libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key,
9267 uint8_t *ciphertext,
9268 uint8_t ret[32U]) {
9269 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
9270 libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(secret_key, secret_as_ntt);
9271 /* Passing arrays by value in Rust generates a copy in C */
9272 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
9273 memcpy(
9274 copy_of_secret_as_ntt, secret_as_ntt,
9275 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
9276 libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8
9277 secret_key_unpacked;
9278 memcpy(
9279 secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
9280 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
9281 uint8_t ret0[32U];
9282 libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext,
9283 ret0);
9284 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
9285 }
9286
9287 /**
9288 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9289 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9290 */
9291 /**
9292 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1
9293 with const generics
9294 - K= 3
9295 */
libcrux_ml_kem_hash_functions_portable_G_f1_e4(Eurydice_slice input,uint8_t ret[64U])9296 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_e4(
9297 Eurydice_slice input, uint8_t ret[64U]) {
9298 libcrux_ml_kem_hash_functions_portable_G(input, ret);
9299 }
9300
9301 /**
9302 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
9303 with const generics
9304 - LEN= 32
9305 */
libcrux_ml_kem_hash_functions_portable_PRF_2b(Eurydice_slice input,uint8_t ret[32U])9306 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b(
9307 Eurydice_slice input, uint8_t ret[32U]) {
9308 uint8_t digest[32U] = {0U};
9309 libcrux_sha3_portable_shake256(
9310 Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input);
9311 memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
9312 }
9313
9314 /**
9315 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9316 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9317 */
9318 /**
9319 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_f1
9320 with const generics
9321 - K= 3
9322 - LEN= 32
9323 */
libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(Eurydice_slice input,uint8_t ret[32U])9324 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(
9325 Eurydice_slice input, uint8_t ret[32U]) {
9326 libcrux_ml_kem_hash_functions_portable_PRF_2b(input, ret);
9327 }
9328
9329 /**
9330 A monomorphic instance of
9331 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types
9332 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9333 - PUBLIC_KEY_SIZE= 1152
9334 - K= 3
9335 */
9336 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd(size_t _i)9337 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd(
9338 size_t _i) {
9339 return libcrux_ml_kem_polynomial_ZERO_89_ea();
9340 }
9341
9342 /**
9343 Only use with public values.
9344
9345 This MUST NOT be used with secret inputs, like its caller
9346 `deserialize_ring_elements_reduced`.
9347 */
9348 /**
9349 A monomorphic instance of
9350 libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
9351 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9352
9353 */
9354 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c(Eurydice_slice serialized)9355 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c(
9356 Eurydice_slice serialized) {
9357 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
9358 libcrux_ml_kem_polynomial_ZERO_89_ea();
9359 for (size_t i = (size_t)0U;
9360 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
9361 size_t i0 = i;
9362 Eurydice_slice bytes = Eurydice_slice_subslice2(
9363 serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
9364 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
9365 libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes);
9366 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
9367 libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(coefficient);
9368 re.coefficients[i0] = uu____0;
9369 }
9370 return re;
9371 }
9372
9373 /**
9374 This function deserializes ring elements and reduces the result by the field
9375 modulus.
9376
9377 This function MUST NOT be used on secret inputs.
9378 */
9379 /**
9380 A monomorphic instance of
9381 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
9382 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9383 - PUBLIC_KEY_SIZE= 1152
9384 - K= 3
9385 */
9386 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33(Eurydice_slice public_key,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])9387 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33(
9388 Eurydice_slice public_key,
9389 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
9390 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
9391 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9392 deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
9393 }
9394 for (size_t i = (size_t)0U;
9395 i < Eurydice_slice_len(public_key, uint8_t) /
9396 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
9397 i++) {
9398 size_t i0 = i;
9399 Eurydice_slice ring_element = Eurydice_slice_subslice2(
9400 public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
9401 i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
9402 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
9403 uint8_t);
9404 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
9405 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c(
9406 ring_element);
9407 deserialized_pk[i0] = uu____0;
9408 }
9409 memcpy(
9410 ret, deserialized_pk,
9411 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
9412 }
9413
9414 /**
9415 A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure
9416 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9417 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9418 generics
9419 - K= 3
9420 */
9421 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_78(size_t _j)9422 libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_78(size_t _j) {
9423 return libcrux_ml_kem_polynomial_ZERO_89_ea();
9424 }
9425
9426 /**
9427 A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure
9428 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9429 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9430 generics
9431 - K= 3
9432 */
libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(size_t _i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])9433 static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(
9434 size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
9435 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9436 ret[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
9437 }
9438 }
9439
9440 /**
9441 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash
9442 with const generics
9443 - $3size_t
9444 */
9445 typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_58_s {
9446 libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U];
9447 } libcrux_ml_kem_hash_functions_portable_PortableHash_58;
9448
9449 /**
9450 A monomorphic instance of
9451 libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics
9452 - K= 3
9453 */
9454 static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58
libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7(uint8_t input[3U][34U])9455 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7(
9456 uint8_t input[3U][34U]) {
9457 libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U];
9458 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9459 shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();
9460 }
9461 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9462 size_t i0 = i;
9463 libcrux_sha3_portable_incremental_shake128_absorb_final(
9464 &shake128_state[i0],
9465 Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));
9466 }
9467 /* Passing arrays by value in Rust generates a copy in C */
9468 libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U];
9469 memcpy(copy_of_shake128_state, shake128_state,
9470 (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
9471 libcrux_ml_kem_hash_functions_portable_PortableHash_58 lit;
9472 memcpy(lit.shake128_state, copy_of_shake128_state,
9473 (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
9474 return lit;
9475 }
9476
9477 /**
9478 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9479 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9480 */
9481 /**
9482 A monomorphic instance of
9483 libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const
9484 generics
9485 - K= 3
9486 */
9487 static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58
libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c(uint8_t input[3U][34U])9488 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c(
9489 uint8_t input[3U][34U]) {
9490 /* Passing arrays by value in Rust generates a copy in C */
9491 uint8_t copy_of_input[3U][34U];
9492 memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U]));
9493 return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7(
9494 copy_of_input);
9495 }
9496
9497 /**
9498 A monomorphic instance of
9499 libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const
9500 generics
9501 - K= 3
9502 */
9503 static KRML_MUSTINLINE void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(libcrux_ml_kem_hash_functions_portable_PortableHash_58 * st,uint8_t ret[3U][504U])9504 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(
9505 libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st,
9506 uint8_t ret[3U][504U]) {
9507 uint8_t out[3U][504U] = {{0U}};
9508 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9509 size_t i0 = i;
9510 libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
9511 &st->shake128_state[i0],
9512 Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));
9513 }
9514 memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U]));
9515 }
9516
9517 /**
9518 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9519 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9520 */
9521 /**
9522 A monomorphic instance of
9523 libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with
9524 const generics
9525 - K= 3
9526 */
9527 static KRML_MUSTINLINE void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69(libcrux_ml_kem_hash_functions_portable_PortableHash_58 * self,uint8_t ret[3U][504U])9528 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69(
9529 libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self,
9530 uint8_t ret[3U][504U]) {
9531 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(self,
9532 ret);
9533 }
9534
9535 /**
9536 If `bytes` contains a set of uniformly random bytes, this function
9537 uniformly samples a ring element `â` that is treated as being the NTT
9538 representation of the corresponding polynomial `a`.
9539
9540 Since rejection sampling is used, it is possible the supplied bytes are
9541 not enough to sample the element, in which case an `Err` is returned and the
9542 caller must try again with a fresh set of bytes.
9543
9544 This function <strong>partially</strong> implements <strong>Algorithm
9545 6</strong> of the NIST FIPS 203 standard, We say "partially" because this
9546 implementation only accepts a finite set of bytes as input and returns an error
9547 if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other
9548 hand samples from an infinite stream of bytes until the ring element is filled.
9549 Algorithm 6 is reproduced below:
9550
9551 ```plaintext
9552 Input: byte stream B ∈ ��*.
9553 Output: array â ∈ ℤ₂₅₆.
9554
9555 i ← 0
9556 j ← 0
9557 while j < 256 do
9558 d₁ ← B[i] + 256·(B[i+1] mod 16)
9559 d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
9560 if d₁ < q then
9561 â[j] ← d₁
9562 j ← j + 1
9563 end if
9564 if d₂ < q and j < 256 then
9565 â[j] ← d₂
9566 j ← j + 1
9567 end if
9568 i ← i + 3
9569 end while
9570 return â
9571 ```
9572
9573 The NIST FIPS 203 standard can be found at
9574 <https://csrc.nist.gov/pubs/fips/203/ipd>.
9575 */
9576 /**
9577 A monomorphic instance of
9578 libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
9579 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9580 - K= 3
9581 - N= 504
9582 */
9583 static KRML_MUSTINLINE bool
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db(uint8_t randomness[3U][504U],size_t * sampled_coefficients,int16_t (* out)[272U])9584 libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db(
9585 uint8_t randomness[3U][504U], size_t *sampled_coefficients,
9586 int16_t (*out)[272U]) {
9587 for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
9588 size_t i1 = i0;
9589 for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) {
9590 size_t r = i;
9591 if (sampled_coefficients[i1] <
9592 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
9593 Eurydice_slice uu____0 =
9594 Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U,
9595 r * (size_t)24U + (size_t)24U, uint8_t);
9596 size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
9597 uu____0, Eurydice_array_to_subslice2(
9598 out[i1], sampled_coefficients[i1],
9599 sampled_coefficients[i1] + (size_t)16U, int16_t));
9600 size_t uu____1 = i1;
9601 sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled;
9602 }
9603 }
9604 }
9605 bool done = true;
9606 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9607 size_t i0 = i;
9608 if (sampled_coefficients[i0] >=
9609 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
9610 sampled_coefficients[i0] =
9611 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
9612 } else {
9613 done = false;
9614 }
9615 }
9616 return done;
9617 }
9618
9619 /**
9620 A monomorphic instance of
9621 libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const
9622 generics
9623 - K= 3
9624 */
9625 static KRML_MUSTINLINE void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(libcrux_ml_kem_hash_functions_portable_PortableHash_58 * st,uint8_t ret[3U][168U])9626 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(
9627 libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st,
9628 uint8_t ret[3U][168U]) {
9629 uint8_t out[3U][168U] = {{0U}};
9630 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9631 size_t i0 = i;
9632 libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
9633 &st->shake128_state[i0],
9634 Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));
9635 }
9636 memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U]));
9637 }
9638
9639 /**
9640 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9641 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9642 */
9643 /**
9644 A monomorphic instance of
9645 libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const
9646 generics
9647 - K= 3
9648 */
9649 static KRML_MUSTINLINE void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60(libcrux_ml_kem_hash_functions_portable_PortableHash_58 * self,uint8_t ret[3U][168U])9650 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60(
9651 libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self,
9652 uint8_t ret[3U][168U]) {
9653 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(self, ret);
9654 }
9655
9656 /**
9657 If `bytes` contains a set of uniformly random bytes, this function
9658 uniformly samples a ring element `â` that is treated as being the NTT
9659 representation of the corresponding polynomial `a`.
9660
9661 Since rejection sampling is used, it is possible the supplied bytes are
9662 not enough to sample the element, in which case an `Err` is returned and the
9663 caller must try again with a fresh set of bytes.
9664
9665 This function <strong>partially</strong> implements <strong>Algorithm
9666 6</strong> of the NIST FIPS 203 standard, We say "partially" because this
9667 implementation only accepts a finite set of bytes as input and returns an error
9668 if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other
9669 hand samples from an infinite stream of bytes until the ring element is filled.
9670 Algorithm 6 is reproduced below:
9671
9672 ```plaintext
9673 Input: byte stream B ∈ ��*.
9674 Output: array â ∈ ℤ₂₅₆.
9675
9676 i ← 0
9677 j ← 0
9678 while j < 256 do
9679 d₁ ← B[i] + 256·(B[i+1] mod 16)
9680 d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
9681 if d₁ < q then
9682 â[j] ← d₁
9683 j ← j + 1
9684 end if
9685 if d₂ < q and j < 256 then
9686 â[j] ← d₂
9687 j ← j + 1
9688 end if
9689 i ← i + 3
9690 end while
9691 return â
9692 ```
9693
9694 The NIST FIPS 203 standard can be found at
9695 <https://csrc.nist.gov/pubs/fips/203/ipd>.
9696 */
9697 /**
9698 A monomorphic instance of
9699 libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
9700 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9701 - K= 3
9702 - N= 168
9703 */
9704 static KRML_MUSTINLINE bool
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0(uint8_t randomness[3U][168U],size_t * sampled_coefficients,int16_t (* out)[272U])9705 libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0(
9706 uint8_t randomness[3U][168U], size_t *sampled_coefficients,
9707 int16_t (*out)[272U]) {
9708 for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
9709 size_t i1 = i0;
9710 for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) {
9711 size_t r = i;
9712 if (sampled_coefficients[i1] <
9713 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
9714 Eurydice_slice uu____0 =
9715 Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U,
9716 r * (size_t)24U + (size_t)24U, uint8_t);
9717 size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
9718 uu____0, Eurydice_array_to_subslice2(
9719 out[i1], sampled_coefficients[i1],
9720 sampled_coefficients[i1] + (size_t)16U, int16_t));
9721 size_t uu____1 = i1;
9722 sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled;
9723 }
9724 }
9725 }
9726 bool done = true;
9727 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9728 size_t i0 = i;
9729 if (sampled_coefficients[i0] >=
9730 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
9731 sampled_coefficients[i0] =
9732 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
9733 } else {
9734 done = false;
9735 }
9736 }
9737 return done;
9738 }
9739
9740 /**
9741 This function found in impl
9742 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
9743 */
9744 /**
9745 A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89
9746 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9747 with const generics
9748
9749 */
9750 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_from_i16_array_89_c1(Eurydice_slice a)9751 libcrux_ml_kem_polynomial_from_i16_array_89_c1(Eurydice_slice a) {
9752 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
9753 libcrux_ml_kem_polynomial_ZERO_89_ea();
9754 for (size_t i = (size_t)0U;
9755 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
9756 size_t i0 = i;
9757 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
9758 libcrux_ml_kem_vector_portable_from_i16_array_0d(
9759 Eurydice_slice_subslice2(a, i0 * (size_t)16U,
9760 (i0 + (size_t)1U) * (size_t)16U, int16_t));
9761 result.coefficients[i0] = uu____0;
9762 }
9763 return result;
9764 }
9765
9766 /**
9767 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure
9768 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9769 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9770 generics
9771 - K= 3
9772 */
9773 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_sampling_sample_from_xof_closure_04(int16_t s[272U])9774 libcrux_ml_kem_sampling_sample_from_xof_closure_04(int16_t s[272U]) {
9775 return libcrux_ml_kem_polynomial_from_i16_array_89_c1(
9776 Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
9777 }
9778
9779 /**
9780 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof
9781 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9782 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9783 generics
9784 - K= 3
9785 */
libcrux_ml_kem_sampling_sample_from_xof_3f(uint8_t seeds[3U][34U],libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])9786 static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_3f(
9787 uint8_t seeds[3U][34U],
9788 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
9789 size_t sampled_coefficients[3U] = {0U};
9790 int16_t out[3U][272U] = {{0U}};
9791 /* Passing arrays by value in Rust generates a copy in C */
9792 uint8_t copy_of_seeds[3U][34U];
9793 memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
9794 libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state =
9795 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c(
9796 copy_of_seeds);
9797 uint8_t randomness0[3U][504U];
9798 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69(
9799 &xof_state, randomness0);
9800 /* Passing arrays by value in Rust generates a copy in C */
9801 uint8_t copy_of_randomness0[3U][504U];
9802 memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
9803 bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db(
9804 copy_of_randomness0, sampled_coefficients, out);
9805 while (true) {
9806 if (done) {
9807 break;
9808 } else {
9809 uint8_t randomness[3U][168U];
9810 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60(
9811 &xof_state, randomness);
9812 /* Passing arrays by value in Rust generates a copy in C */
9813 uint8_t copy_of_randomness[3U][168U];
9814 memcpy(copy_of_randomness, randomness,
9815 (size_t)3U * sizeof(uint8_t[168U]));
9816 done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0(
9817 copy_of_randomness, sampled_coefficients, out);
9818 }
9819 }
9820 /* Passing arrays by value in Rust generates a copy in C */
9821 int16_t copy_of_out[3U][272U];
9822 memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U]));
9823 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U];
9824 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9825 ret0[i] =
9826 libcrux_ml_kem_sampling_sample_from_xof_closure_04(copy_of_out[i]);
9827 }
9828 memcpy(
9829 ret, ret0,
9830 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
9831 }
9832
9833 /**
9834 A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A
9835 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9836 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9837 generics
9838 - K= 3
9839 */
libcrux_ml_kem_matrix_sample_matrix_A_38(uint8_t seed[34U],bool transpose,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U])9840 static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_38(
9841 uint8_t seed[34U], bool transpose,
9842 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) {
9843 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U];
9844 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9845 libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(i, A_transpose[i]);
9846 }
9847 for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
9848 size_t i1 = i0;
9849 /* Passing arrays by value in Rust generates a copy in C */
9850 uint8_t copy_of_seed[34U];
9851 memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
9852 uint8_t seeds[3U][34U];
9853 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9854 memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));
9855 }
9856 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9857 size_t j = i;
9858 seeds[j][32U] = (uint8_t)i1;
9859 seeds[j][33U] = (uint8_t)j;
9860 }
9861 /* Passing arrays by value in Rust generates a copy in C */
9862 uint8_t copy_of_seeds[3U][34U];
9863 memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
9864 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U];
9865 libcrux_ml_kem_sampling_sample_from_xof_3f(copy_of_seeds, sampled);
9866 for (size_t i = (size_t)0U;
9867 i < Eurydice_slice_len(
9868 Eurydice_array_to_slice(
9869 (size_t)3U, sampled,
9870 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
9871 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
9872 i++) {
9873 size_t j = i;
9874 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j];
9875 if (transpose) {
9876 A_transpose[j][i1] = sample;
9877 } else {
9878 A_transpose[i1][j] = sample;
9879 }
9880 }
9881 }
9882 memcpy(ret, A_transpose,
9883 (size_t)3U *
9884 sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]));
9885 }
9886
9887 /**
9888 A monomorphic instance of K.
9889 with types libcrux_ml_kem_polynomial_PolynomialRingElement
9890 libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t
9891
9892 */
9893 typedef struct tuple_b0_s {
9894 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U];
9895 uint8_t snd;
9896 } tuple_b0;
9897
9898 /**
9899 A monomorphic instance of
9900 libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types
9901 libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9902 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9903 generics
9904 - K= 3
9905 - ETA= 2
9906 - ETA_RANDOMNESS_SIZE= 128
9907 */
9908 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f7(size_t _i)9909 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f7(size_t _i) {
9910 return libcrux_ml_kem_polynomial_ZERO_89_ea();
9911 }
9912
9913 /**
9914 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN
9915 with const generics
9916 - K= 3
9917 - LEN= 128
9918 */
libcrux_ml_kem_hash_functions_portable_PRFxN_c5(uint8_t (* input)[33U],uint8_t ret[3U][128U])9919 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_c5(
9920 uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
9921 uint8_t out[3U][128U] = {{0U}};
9922 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9923 size_t i0 = i;
9924 libcrux_sha3_portable_shake256(
9925 Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t),
9926 Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));
9927 }
9928 memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U]));
9929 }
9930
9931 /**
9932 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9933 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9934 */
9935 /**
9936 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_f1
9937 with const generics
9938 - K= 3
9939 - LEN= 128
9940 */
libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(uint8_t (* input)[33U],uint8_t ret[3U][128U])9941 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(
9942 uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
9943 libcrux_ml_kem_hash_functions_portable_PRFxN_c5(input, ret);
9944 }
9945
9946 /**
9947 Given a series of uniformly random bytes in `randomness`, for some number
9948 `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
9949 element from a binomial distribution centered at 0 that uses two sets of `eta`
9950 coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
9951 such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and:
9952
9953 ```plaintext
9954 - If v < 0, Pr[v] = Pr[-v]
9955 - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
9956 ```
9957
9958 The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
9959
9960 The expected value is:
9961
9962 ```plaintext
9963 E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1]
9964 + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
9965 ```
9966
9967 And the variance is:
9968
9969 ```plaintext
9970 Var(X) = E[(X - E[X])^2]
9971 = E[X^2]
9972 = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
9973 2^(2 * ETA)) = ETA / 2
9974 ```
9975
9976 This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203
9977 standard, which is reproduced below:
9978
9979 ```plaintext
9980 Input: byte array B ∈ ��^{64η}.
9981 Output: array f ∈ ℤ₂₅₆.
9982
9983 b ← BytesToBits(B)
9984 for (i ← 0; i < 256; i++)
9985 x ← ∑(j=0 to η - 1) b[2iη + j]
9986 y ← ∑(j=0 to η - 1) b[2iη + η + j]
9987 f[i] ← x−y mod q
9988 end for
9989 return f
9990 ```
9991
9992 The NIST FIPS 203 standard can be found at
9993 <https://csrc.nist.gov/pubs/fips/203/ipd>.
9994 */
9995 /**
9996 A monomorphic instance of
9997 libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
9998 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9999
10000 */
10001 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85(Eurydice_slice randomness)10002 libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85(
10003 Eurydice_slice randomness) {
10004 int16_t sampled_i16s[256U] = {0U};
10005 for (size_t i0 = (size_t)0U;
10006 i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) {
10007 size_t chunk_number = i0;
10008 Eurydice_slice byte_chunk = Eurydice_slice_subslice2(
10009 randomness, chunk_number * (size_t)4U,
10010 chunk_number * (size_t)4U + (size_t)4U, uint8_t);
10011 uint32_t random_bits_as_u32 =
10012 (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t,
10013 uint8_t *) |
10014 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t,
10015 uint8_t *)
10016 << 8U) |
10017 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t,
10018 uint8_t *)
10019 << 16U) |
10020 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t,
10021 uint8_t *)
10022 << 24U;
10023 uint32_t even_bits = random_bits_as_u32 & 1431655765U;
10024 uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U;
10025 uint32_t coin_toss_outcomes = even_bits + odd_bits;
10026 for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) {
10027 uint32_t outcome_set = i;
10028 uint32_t outcome_set0 = outcome_set * 4U;
10029 int16_t outcome_1 =
10030 (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U);
10031 int16_t outcome_2 =
10032 (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U);
10033 size_t offset = (size_t)(outcome_set0 >> 2U);
10034 sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
10035 }
10036 }
10037 return libcrux_ml_kem_polynomial_from_i16_array_89_c1(
10038 Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
10039 }
10040
10041 /**
10042 A monomorphic instance of
10043 libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types
10044 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10045
10046 */
10047 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_eb(Eurydice_slice randomness)10048 libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_eb(
10049 Eurydice_slice randomness) {
10050 int16_t sampled_i16s[256U] = {0U};
10051 for (size_t i0 = (size_t)0U;
10052 i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) {
10053 size_t chunk_number = i0;
10054 Eurydice_slice byte_chunk = Eurydice_slice_subslice2(
10055 randomness, chunk_number * (size_t)3U,
10056 chunk_number * (size_t)3U + (size_t)3U, uint8_t);
10057 uint32_t random_bits_as_u24 =
10058 ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t,
10059 uint8_t *) |
10060 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t,
10061 uint8_t *)
10062 << 8U) |
10063 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t,
10064 uint8_t *)
10065 << 16U;
10066 uint32_t first_bits = random_bits_as_u24 & 2396745U;
10067 uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U;
10068 uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U;
10069 uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits;
10070 for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) {
10071 int32_t outcome_set = i;
10072 int32_t outcome_set0 = outcome_set * (int32_t)6;
10073 int16_t outcome_1 =
10074 (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U);
10075 int16_t outcome_2 = (int16_t)(coin_toss_outcomes >>
10076 (uint32_t)(outcome_set0 + (int32_t)3) &
10077 7U);
10078 size_t offset = (size_t)(outcome_set0 / (int32_t)6);
10079 sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
10080 }
10081 }
10082 return libcrux_ml_kem_polynomial_from_i16_array_89_c1(
10083 Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
10084 }
10085
10086 /**
10087 A monomorphic instance of
10088 libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
10089 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10090 - ETA= 2
10091 */
10092 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(Eurydice_slice randomness)10093 libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(
10094 Eurydice_slice randomness) {
10095 return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85(
10096 randomness);
10097 }
10098
10099 /**
10100 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7
10101 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10102 with const generics
10103
10104 */
libcrux_ml_kem_ntt_ntt_at_layer_7_f4(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re)10105 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_f4(
10106 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
10107 size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
10108 for (size_t i = (size_t)0U; i < step; i++) {
10109 size_t j = i;
10110 libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
10111 libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
10112 re->coefficients[j + step], (int16_t)-1600);
10113 re->coefficients[j + step] =
10114 libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t);
10115 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
10116 libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t);
10117 re->coefficients[j] = uu____1;
10118 }
10119 }
10120
10121 /**
10122 A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element
10123 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10124 with const generics
10125
10126 */
10127 static KRML_MUSTINLINE void
libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re)10128 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(
10129 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
10130 libcrux_ml_kem_ntt_ntt_at_layer_7_f4(re);
10131 size_t zeta_i = (size_t)1U;
10132 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U,
10133 (size_t)3U);
10134 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U,
10135 (size_t)3U);
10136 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U,
10137 (size_t)3U);
10138 libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3U);
10139 libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3U);
10140 libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3U);
10141 libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re);
10142 }
10143
10144 /**
10145 Sample a vector of ring elements from a centered binomial distribution and
10146 convert them into their NTT representations.
10147 */
10148 /**
10149 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
10150 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10151 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10152 generics
10153 - K= 3
10154 - ETA= 2
10155 - ETA_RANDOMNESS_SIZE= 128
10156 */
10157 static KRML_MUSTINLINE tuple_b0
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(uint8_t prf_input[33U],uint8_t domain_separator)10158 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(uint8_t prf_input[33U],
10159 uint8_t domain_separator) {
10160 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
10161 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10162 re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
10163 }
10164 /* Passing arrays by value in Rust generates a copy in C */
10165 uint8_t copy_of_prf_input[33U];
10166 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
10167 uint8_t prf_inputs[3U][33U];
10168 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10169 memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
10170 }
10171 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10172 size_t i0 = i;
10173 prf_inputs[i0][32U] = domain_separator;
10174 domain_separator = (uint32_t)domain_separator + 1U;
10175 }
10176 uint8_t prf_outputs[3U][128U];
10177 libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs);
10178 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10179 size_t i0 = i;
10180 re_as_ntt[i0] =
10181 libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(
10182 Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
10183 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]);
10184 }
10185 /* Passing arrays by value in Rust generates a copy in C */
10186 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
10187 memcpy(
10188 copy_of_re_as_ntt, re_as_ntt,
10189 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10190 tuple_b0 lit;
10191 memcpy(
10192 lit.fst, copy_of_re_as_ntt,
10193 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10194 lit.snd = domain_separator;
10195 return lit;
10196 }
10197
10198 /**
10199 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure
10200 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10201 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10202 generics
10203 - K= 3
10204 - ETA2_RANDOMNESS_SIZE= 128
10205 - ETA2= 2
10206 */
10207 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_77(size_t _i)10208 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_77(size_t _i) {
10209 return libcrux_ml_kem_polynomial_ZERO_89_ea();
10210 }
10211
10212 /**
10213 Sample a vector of ring elements from a centered binomial distribution.
10214 */
10215 /**
10216 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
10217 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10218 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10219 generics
10220 - K= 3
10221 - ETA2_RANDOMNESS_SIZE= 128
10222 - ETA2= 2
10223 */
10224 static KRML_MUSTINLINE tuple_b0
libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U],uint8_t domain_separator)10225 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U],
10226 uint8_t domain_separator) {
10227 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
10228 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10229 error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
10230 }
10231 /* Passing arrays by value in Rust generates a copy in C */
10232 uint8_t copy_of_prf_input[33U];
10233 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
10234 uint8_t prf_inputs[3U][33U];
10235 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10236 memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
10237 }
10238 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10239 size_t i0 = i;
10240 prf_inputs[i0][32U] = domain_separator;
10241 domain_separator = (uint32_t)domain_separator + 1U;
10242 }
10243 uint8_t prf_outputs[3U][128U];
10244 libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs);
10245 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10246 size_t i0 = i;
10247 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 =
10248 libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(
10249 Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
10250 error_1[i0] = uu____1;
10251 }
10252 /* Passing arrays by value in Rust generates a copy in C */
10253 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U];
10254 memcpy(
10255 copy_of_error_1, error_1,
10256 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10257 tuple_b0 lit;
10258 memcpy(
10259 lit.fst, copy_of_error_1,
10260 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10261 lit.snd = domain_separator;
10262 return lit;
10263 }
10264
10265 /**
10266 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
10267 with const generics
10268 - LEN= 128
10269 */
libcrux_ml_kem_hash_functions_portable_PRF_2b0(Eurydice_slice input,uint8_t ret[128U])10270 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b0(
10271 Eurydice_slice input, uint8_t ret[128U]) {
10272 uint8_t digest[128U] = {0U};
10273 libcrux_sha3_portable_shake256(
10274 Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input);
10275 memcpy(ret, digest, (size_t)128U * sizeof(uint8_t));
10276 }
10277
10278 /**
10279 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
10280 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
10281 */
10282 /**
10283 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_f1
10284 with const generics
10285 - K= 3
10286 - LEN= 128
10287 */
libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0(Eurydice_slice input,uint8_t ret[128U])10288 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0(
10289 Eurydice_slice input, uint8_t ret[128U]) {
10290 libcrux_ml_kem_hash_functions_portable_PRF_2b0(input, ret);
10291 }
10292
10293 /**
10294 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure
10295 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10296 with const generics
10297 - K= 3
10298 */
10299 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_compute_vector_u_closure_d6(size_t _i)10300 libcrux_ml_kem_matrix_compute_vector_u_closure_d6(size_t _i) {
10301 return libcrux_ml_kem_polynomial_ZERO_89_ea();
10302 }
10303
10304 /**
10305 This function found in impl
10306 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
10307 */
10308 /**
10309 A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89
10310 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10311 with const generics
10312
10313 */
libcrux_ml_kem_polynomial_add_error_reduce_89_38(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error)10314 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_38(
10315 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
10316 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
10317 for (size_t i = (size_t)0U;
10318 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10319 size_t j = i;
10320 libcrux_ml_kem_vector_portable_vector_type_PortableVector
10321 coefficient_normal_form =
10322 libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
10323 self->coefficients[j], (int16_t)1441);
10324 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
10325 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
10326 libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
10327 &error->coefficients[j]));
10328 self->coefficients[j] = uu____0;
10329 }
10330 }
10331
10332 /**
10333 Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
10334 */
10335 /**
10336 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
10337 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10338 with const generics
10339 - K= 3
10340 */
libcrux_ml_kem_matrix_compute_vector_u_59(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (* a_as_ntt)[3U],libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * r_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error_1,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])10341 static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59(
10342 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
10343 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
10344 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
10345 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
10346 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
10347 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10348 result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
10349 }
10350 for (size_t i0 = (size_t)0U;
10351 i0 < Eurydice_slice_len(
10352 Eurydice_array_to_slice(
10353 (size_t)3U, a_as_ntt,
10354 libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]),
10355 libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]);
10356 i0++) {
10357 size_t i1 = i0;
10358 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1];
10359 for (size_t i = (size_t)0U;
10360 i < Eurydice_slice_len(
10361 Eurydice_array_to_slice(
10362 (size_t)3U, row,
10363 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
10364 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
10365 i++) {
10366 size_t j = i;
10367 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
10368 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
10369 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(a_element, &r_as_ntt[j]);
10370 libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1],
10371 &product);
10372 }
10373 libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result[i1]);
10374 libcrux_ml_kem_polynomial_add_error_reduce_89_38(&result[i1], &error_1[i1]);
10375 }
10376 memcpy(
10377 ret, result,
10378 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10379 }
10380
10381 /**
10382 A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1
10383 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10384 with const generics
10385
10386 */
10387 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_traits_decompress_1_63(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10388 libcrux_ml_kem_vector_traits_decompress_1_63(
10389 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10390 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
10391 libcrux_ml_kem_vector_portable_ZERO_0d();
10392 return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
10393 libcrux_ml_kem_vector_portable_sub_0d(uu____0, &v), (int16_t)1665);
10394 }
10395
10396 /**
10397 A monomorphic instance of
10398 libcrux_ml_kem.serialize.deserialize_then_decompress_message with types
10399 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10400
10401 */
10402 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d(uint8_t serialized[32U])10403 libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d(
10404 uint8_t serialized[32U]) {
10405 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
10406 libcrux_ml_kem_polynomial_ZERO_89_ea();
10407 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
10408 size_t i0 = i;
10409 libcrux_ml_kem_vector_portable_vector_type_PortableVector
10410 coefficient_compressed =
10411 libcrux_ml_kem_vector_portable_deserialize_1_0d(
10412 Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
10413 (size_t)2U * i0 + (size_t)2U,
10414 uint8_t));
10415 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
10416 libcrux_ml_kem_vector_traits_decompress_1_63(coefficient_compressed);
10417 re.coefficients[i0] = uu____0;
10418 }
10419 return re;
10420 }
10421
10422 /**
10423 This function found in impl
10424 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
10425 */
10426 /**
10427 A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89
10428 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10429 with const generics
10430
10431 */
10432 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * message,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result)10433 libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea(
10434 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
10435 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
10436 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
10437 for (size_t i = (size_t)0U;
10438 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10439 size_t i0 = i;
10440 libcrux_ml_kem_vector_portable_vector_type_PortableVector
10441 coefficient_normal_form =
10442 libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
10443 result.coefficients[i0], (int16_t)1441);
10444 libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
10445 libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
10446 &message->coefficients[i0]);
10447 libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
10448 libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
10449 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
10450 libcrux_ml_kem_vector_portable_barrett_reduce_0d(tmp0);
10451 result.coefficients[i0] = uu____0;
10452 }
10453 return result;
10454 }
10455
10456 /**
10457 Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
10458 */
10459 /**
10460 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
10461 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10462 with const generics
10463 - K= 3
10464 */
10465 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_compute_ring_element_v_54(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * t_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * r_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error_2,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * message)10466 libcrux_ml_kem_matrix_compute_ring_element_v_54(
10467 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
10468 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
10469 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
10470 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) {
10471 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
10472 libcrux_ml_kem_polynomial_ZERO_89_ea();
10473 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10474 size_t i0 = i;
10475 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
10476 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&t_as_ntt[i0],
10477 &r_as_ntt[i0]);
10478 libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product);
10479 }
10480 libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result);
10481 result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea(
10482 error_2, message, result);
10483 return result;
10484 }
10485
10486 /**
10487 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
10488 with const generics
10489 - COEFFICIENT_BITS= 10
10490 */
10491 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_02(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10492 libcrux_ml_kem_vector_portable_compress_compress_02(
10493 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10494 for (size_t i = (size_t)0U;
10495 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
10496 size_t i0 = i;
10497 int16_t uu____0 =
10498 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
10499 (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]);
10500 v.elements[i0] = uu____0;
10501 }
10502 return v;
10503 }
10504
10505 /**
10506 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
10507 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
10508 */
10509 /**
10510 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
10511 with const generics
10512 - COEFFICIENT_BITS= 10
10513 */
10514 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_0d_28(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10515 libcrux_ml_kem_vector_portable_compress_0d_28(
10516 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10517 return libcrux_ml_kem_vector_portable_compress_compress_02(v);
10518 }
10519
10520 /**
10521 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10
10522 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10523 with const generics
10524 - OUT_LEN= 320
10525 */
10526 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_10_fc(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,uint8_t ret[320U])10527 libcrux_ml_kem_serialize_compress_then_serialize_10_fc(
10528 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
10529 uint8_t serialized[320U] = {0U};
10530 for (size_t i = (size_t)0U;
10531 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10532 size_t i0 = i;
10533 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
10534 libcrux_ml_kem_vector_portable_compress_0d_28(
10535 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
10536 re->coefficients[i0]));
10537 uint8_t bytes[20U];
10538 libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
10539 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
10540 serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t);
10541 Eurydice_slice_copy(
10542 uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
10543 }
10544 memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
10545 }
10546
10547 /**
10548 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
10549 with const generics
10550 - COEFFICIENT_BITS= 11
10551 */
10552 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_020(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10553 libcrux_ml_kem_vector_portable_compress_compress_020(
10554 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10555 for (size_t i = (size_t)0U;
10556 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
10557 size_t i0 = i;
10558 int16_t uu____0 =
10559 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
10560 (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]);
10561 v.elements[i0] = uu____0;
10562 }
10563 return v;
10564 }
10565
10566 /**
10567 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
10568 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
10569 */
10570 /**
10571 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
10572 with const generics
10573 - COEFFICIENT_BITS= 11
10574 */
10575 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_0d_280(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10576 libcrux_ml_kem_vector_portable_compress_0d_280(
10577 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10578 return libcrux_ml_kem_vector_portable_compress_compress_020(v);
10579 }
10580
10581 /**
10582 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11
10583 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10584 with const generics
10585 - OUT_LEN= 320
10586 */
10587 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_11_e1(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,uint8_t ret[320U])10588 libcrux_ml_kem_serialize_compress_then_serialize_11_e1(
10589 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
10590 uint8_t serialized[320U] = {0U};
10591 for (size_t i = (size_t)0U;
10592 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10593 size_t i0 = i;
10594 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
10595 libcrux_ml_kem_vector_portable_compress_0d_280(
10596 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
10597 re->coefficients[i0]));
10598 uint8_t bytes[22U];
10599 libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
10600 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
10601 serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t);
10602 Eurydice_slice_copy(
10603 uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t);
10604 }
10605 memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
10606 }
10607
10608 /**
10609 A monomorphic instance of
10610 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types
10611 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10612 - COMPRESSION_FACTOR= 10
10613 - OUT_LEN= 320
10614 */
10615 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,uint8_t ret[320U])10616 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(
10617 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
10618 uint8_t uu____0[320U];
10619 libcrux_ml_kem_serialize_compress_then_serialize_10_fc(re, uu____0);
10620 memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
10621 }
10622
10623 /**
10624 Call [`compress_then_serialize_ring_element_u`] on each ring element.
10625 */
10626 /**
10627 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
10628 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10629 with const generics
10630 - K= 3
10631 - OUT_LEN= 960
10632 - COMPRESSION_FACTOR= 10
10633 - BLOCK_LEN= 320
10634 */
libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],Eurydice_slice out)10635 static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7(
10636 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
10637 Eurydice_slice out) {
10638 for (size_t i = (size_t)0U;
10639 i < Eurydice_slice_len(
10640 Eurydice_array_to_slice(
10641 (size_t)3U, input,
10642 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
10643 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
10644 i++) {
10645 size_t i0 = i;
10646 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0];
10647 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
10648 out, i0 * ((size_t)960U / (size_t)3U),
10649 (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
10650 uint8_t ret[320U];
10651 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(&re,
10652 ret);
10653 Eurydice_slice_copy(
10654 uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
10655 }
10656 }
10657
10658 /**
10659 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
10660 with const generics
10661 - COEFFICIENT_BITS= 4
10662 */
10663 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_021(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10664 libcrux_ml_kem_vector_portable_compress_compress_021(
10665 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10666 for (size_t i = (size_t)0U;
10667 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
10668 size_t i0 = i;
10669 int16_t uu____0 =
10670 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
10671 (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]);
10672 v.elements[i0] = uu____0;
10673 }
10674 return v;
10675 }
10676
10677 /**
10678 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
10679 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
10680 */
10681 /**
10682 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
10683 with const generics
10684 - COEFFICIENT_BITS= 4
10685 */
10686 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_0d_281(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10687 libcrux_ml_kem_vector_portable_compress_0d_281(
10688 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10689 return libcrux_ml_kem_vector_portable_compress_compress_021(v);
10690 }
10691
10692 /**
10693 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4
10694 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10695 with const generics
10696
10697 */
10698 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_4_9a(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,Eurydice_slice serialized)10699 libcrux_ml_kem_serialize_compress_then_serialize_4_9a(
10700 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
10701 Eurydice_slice serialized) {
10702 for (size_t i = (size_t)0U;
10703 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10704 size_t i0 = i;
10705 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
10706 libcrux_ml_kem_vector_portable_compress_0d_281(
10707 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
10708 re.coefficients[i0]));
10709 uint8_t bytes[8U];
10710 libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
10711 Eurydice_slice_copy(
10712 Eurydice_slice_subslice2(serialized, (size_t)8U * i0,
10713 (size_t)8U * i0 + (size_t)8U, uint8_t),
10714 Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t);
10715 }
10716 }
10717
10718 /**
10719 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
10720 with const generics
10721 - COEFFICIENT_BITS= 5
10722 */
10723 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_022(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10724 libcrux_ml_kem_vector_portable_compress_compress_022(
10725 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10726 for (size_t i = (size_t)0U;
10727 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
10728 size_t i0 = i;
10729 int16_t uu____0 =
10730 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
10731 (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]);
10732 v.elements[i0] = uu____0;
10733 }
10734 return v;
10735 }
10736
10737 /**
10738 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
10739 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
10740 */
10741 /**
10742 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
10743 with const generics
10744 - COEFFICIENT_BITS= 5
10745 */
10746 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_0d_282(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10747 libcrux_ml_kem_vector_portable_compress_0d_282(
10748 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10749 return libcrux_ml_kem_vector_portable_compress_compress_022(v);
10750 }
10751
10752 /**
10753 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5
10754 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10755 with const generics
10756
10757 */
10758 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_5_1f(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,Eurydice_slice serialized)10759 libcrux_ml_kem_serialize_compress_then_serialize_5_1f(
10760 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
10761 Eurydice_slice serialized) {
10762 for (size_t i = (size_t)0U;
10763 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10764 size_t i0 = i;
10765 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
10766 libcrux_ml_kem_vector_portable_compress_0d_282(
10767 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
10768 re.coefficients[i0]));
10769 uint8_t bytes[10U];
10770 libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
10771 Eurydice_slice_copy(
10772 Eurydice_slice_subslice2(serialized, (size_t)10U * i0,
10773 (size_t)10U * i0 + (size_t)10U, uint8_t),
10774 Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t);
10775 }
10776 }
10777
10778 /**
10779 A monomorphic instance of
10780 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
10781 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10782 - COMPRESSION_FACTOR= 4
10783 - OUT_LEN= 128
10784 */
10785 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,Eurydice_slice out)10786 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e(
10787 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
10788 libcrux_ml_kem_serialize_compress_then_serialize_4_9a(re, out);
10789 }
10790
10791 /**
10792 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt
10793 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10794 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10795 generics
10796 - K= 3
10797 - CIPHERTEXT_SIZE= 1088
10798 - T_AS_NTT_ENCODED_SIZE= 1152
10799 - C1_LEN= 960
10800 - C2_LEN= 128
10801 - U_COMPRESSION_FACTOR= 10
10802 - V_COMPRESSION_FACTOR= 4
10803 - BLOCK_LEN= 320
10804 - ETA1= 2
10805 - ETA1_RANDOMNESS_SIZE= 128
10806 - ETA2= 2
10807 - ETA2_RANDOMNESS_SIZE= 128
10808 */
libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key,uint8_t message[32U],Eurydice_slice randomness,uint8_t ret[1088U])10809 static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key,
10810 uint8_t message[32U],
10811 Eurydice_slice randomness,
10812 uint8_t ret[1088U]) {
10813 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U];
10814 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33(
10815 Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
10816 t_as_ntt);
10817 Eurydice_slice seed =
10818 Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
10819 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U];
10820 uint8_t ret0[34U];
10821 libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0);
10822 libcrux_ml_kem_matrix_sample_matrix_A_38(ret0, false, A);
10823 uint8_t prf_input[33U];
10824 libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input);
10825 /* Passing arrays by value in Rust generates a copy in C */
10826 uint8_t copy_of_prf_input0[33U];
10827 memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
10828 tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(
10829 copy_of_prf_input0, 0U);
10830 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
10831 memcpy(
10832 r_as_ntt, uu____1.fst,
10833 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10834 uint8_t domain_separator0 = uu____1.snd;
10835 /* Passing arrays by value in Rust generates a copy in C */
10836 uint8_t copy_of_prf_input[33U];
10837 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
10838 tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(
10839 copy_of_prf_input, domain_separator0);
10840 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
10841 memcpy(
10842 error_1, uu____3.fst,
10843 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10844 uint8_t domain_separator = uu____3.snd;
10845 prf_input[32U] = domain_separator;
10846 uint8_t prf_output[128U];
10847 libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0(
10848 Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
10849 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 =
10850 libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(
10851 Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
10852 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
10853 libcrux_ml_kem_matrix_compute_vector_u_59(A, r_as_ntt, error_1, u);
10854 /* Passing arrays by value in Rust generates a copy in C */
10855 uint8_t copy_of_message[32U];
10856 memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
10857 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
10858 libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d(
10859 copy_of_message);
10860 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
10861 libcrux_ml_kem_matrix_compute_ring_element_v_54(
10862 t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
10863 uint8_t ciphertext[1088U] = {0U};
10864 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
10865 memcpy(
10866 uu____5, u,
10867 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10868 libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7(
10869 uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
10870 uint8_t));
10871 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
10872 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e(
10873 uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
10874 (size_t)960U, uint8_t, size_t));
10875 memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
10876 }
10877
10878 /**
10879 This function found in impl {(libcrux_ml_kem::variant::Variant for
10880 libcrux_ml_kem::variant::MlKem)#1}
10881 */
10882 /**
10883 A monomorphic instance of libcrux_ml_kem.variant.kdf_d8
10884 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
10885 with const generics
10886 - K= 3
10887 - CIPHERTEXT_SIZE= 1088
10888 */
libcrux_ml_kem_variant_kdf_d8_41(Eurydice_slice shared_secret,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * _,uint8_t ret[32U])10889 static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_41(
10890 Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
10891 uint8_t ret[32U]) {
10892 uint8_t out[32U] = {0U};
10893 Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
10894 shared_secret, uint8_t);
10895 memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
10896 }
10897
10898 /**
10899 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
10900 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10901 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
10902 libcrux_ml_kem_variant_MlKem with const generics
10903 - K= 3
10904 - SECRET_KEY_SIZE= 2400
10905 - CPA_SECRET_KEY_SIZE= 1152
10906 - PUBLIC_KEY_SIZE= 1184
10907 - CIPHERTEXT_SIZE= 1088
10908 - T_AS_NTT_ENCODED_SIZE= 1152
10909 - C1_SIZE= 960
10910 - C2_SIZE= 128
10911 - VECTOR_U_COMPRESSION_FACTOR= 10
10912 - VECTOR_V_COMPRESSION_FACTOR= 4
10913 - C1_BLOCK_SIZE= 320
10914 - ETA1= 2
10915 - ETA1_RANDOMNESS_SIZE= 128
10916 - ETA2= 2
10917 - ETA2_RANDOMNESS_SIZE= 128
10918 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
10919 */
libcrux_ml_kem_ind_cca_decapsulate_70(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])10920 static inline void libcrux_ml_kem_ind_cca_decapsulate_70(
10921 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
10922 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
10923 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
10924 Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
10925 (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
10926 Eurydice_slice ind_cpa_secret_key = uu____0.fst;
10927 Eurydice_slice secret_key0 = uu____0.snd;
10928 Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
10929 secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
10930 Eurydice_slice ind_cpa_public_key = uu____1.fst;
10931 Eurydice_slice secret_key = uu____1.snd;
10932 Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
10933 secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
10934 Eurydice_slice_uint8_t_x2);
10935 Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
10936 Eurydice_slice implicit_rejection_value = uu____2.snd;
10937 uint8_t decrypted[32U];
10938 libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value,
10939 decrypted);
10940 uint8_t to_hash0[64U];
10941 libcrux_ml_kem_utils_into_padded_array_ea(
10942 Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
10943 Eurydice_slice_copy(
10944 Eurydice_array_to_subslice_from(
10945 (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
10946 uint8_t, size_t),
10947 ind_cpa_public_key_hash, uint8_t);
10948 uint8_t hashed[64U];
10949 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
10950 Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
10951 Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
10952 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
10953 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
10954 Eurydice_slice_uint8_t_x2);
10955 Eurydice_slice shared_secret0 = uu____3.fst;
10956 Eurydice_slice pseudorandomness = uu____3.snd;
10957 uint8_t to_hash[1120U];
10958 libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash);
10959 Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
10960 (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
10961 uint8_t, size_t);
10962 Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext),
10963 uint8_t);
10964 uint8_t implicit_rejection_shared_secret0[32U];
10965 libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(
10966 Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
10967 implicit_rejection_shared_secret0);
10968 Eurydice_slice uu____5 = ind_cpa_public_key;
10969 /* Passing arrays by value in Rust generates a copy in C */
10970 uint8_t copy_of_decrypted[32U];
10971 memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
10972 uint8_t expected_ciphertext[1088U];
10973 libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted,
10974 pseudorandomness, expected_ciphertext);
10975 uint8_t implicit_rejection_shared_secret[32U];
10976 libcrux_ml_kem_variant_kdf_d8_41(
10977 Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
10978 uint8_t),
10979 ciphertext, implicit_rejection_shared_secret);
10980 uint8_t shared_secret[32U];
10981 libcrux_ml_kem_variant_kdf_d8_41(shared_secret0, ciphertext, shared_secret);
10982 uint8_t ret0[32U];
10983 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
10984 libcrux_ml_kem_types_as_ref_00_24(ciphertext),
10985 Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
10986 Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
10987 Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
10988 uint8_t),
10989 ret0);
10990 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
10991 }
10992
10993 /**
10994 Portable decapsulate
10995 */
10996 /**
10997 A monomorphic instance of
10998 libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
10999 - K= 3
11000 - SECRET_KEY_SIZE= 2400
11001 - CPA_SECRET_KEY_SIZE= 1152
11002 - PUBLIC_KEY_SIZE= 1184
11003 - CIPHERTEXT_SIZE= 1088
11004 - T_AS_NTT_ENCODED_SIZE= 1152
11005 - C1_SIZE= 960
11006 - C2_SIZE= 128
11007 - VECTOR_U_COMPRESSION_FACTOR= 10
11008 - VECTOR_V_COMPRESSION_FACTOR= 4
11009 - C1_BLOCK_SIZE= 320
11010 - ETA1= 2
11011 - ETA1_RANDOMNESS_SIZE= 128
11012 - ETA2= 2
11013 - ETA2_RANDOMNESS_SIZE= 128
11014 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
11015 */
11016 static inline void
libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11017 libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e(
11018 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11019 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11020 libcrux_ml_kem_ind_cca_decapsulate_70(private_key, ciphertext, ret);
11021 }
11022
11023 /**
11024 Decapsulate ML-KEM 768
11025
11026 Generates an [`MlKemSharedSecret`].
11027 The input is a reference to an [`MlKem768PrivateKey`] and an
11028 [`MlKem768Ciphertext`].
11029 */
libcrux_ml_kem_mlkem768_portable_decapsulate(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11030 static inline void libcrux_ml_kem_mlkem768_portable_decapsulate(
11031 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11032 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11033 libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e(
11034 private_key, ciphertext, ret);
11035 }
11036
11037 /**
11038 This function found in impl {(libcrux_ml_kem::variant::Variant for
11039 libcrux_ml_kem::variant::MlKem)#1}
11040 */
11041 /**
11042 A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8
11043 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11044 with const generics
11045 - K= 3
11046 */
libcrux_ml_kem_variant_entropy_preprocess_d8_63(Eurydice_slice randomness,uint8_t ret[32U])11047 static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_63(
11048 Eurydice_slice randomness, uint8_t ret[32U]) {
11049 uint8_t out[32U] = {0U};
11050 Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
11051 randomness, uint8_t);
11052 memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
11053 }
11054
11055 /**
11056 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
11057 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
11058 */
11059 /**
11060 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
11061 with const generics
11062 - K= 3
11063 */
libcrux_ml_kem_hash_functions_portable_H_f1_1a(Eurydice_slice input,uint8_t ret[32U])11064 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_1a(
11065 Eurydice_slice input, uint8_t ret[32U]) {
11066 libcrux_ml_kem_hash_functions_portable_H(input, ret);
11067 }
11068
11069 /**
11070 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
11071 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11072 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11073 libcrux_ml_kem_variant_MlKem with const generics
11074 - K= 3
11075 - CIPHERTEXT_SIZE= 1088
11076 - PUBLIC_KEY_SIZE= 1184
11077 - T_AS_NTT_ENCODED_SIZE= 1152
11078 - C1_SIZE= 960
11079 - C2_SIZE= 128
11080 - VECTOR_U_COMPRESSION_FACTOR= 10
11081 - VECTOR_V_COMPRESSION_FACTOR= 4
11082 - VECTOR_U_BLOCK_LEN= 320
11083 - ETA1= 2
11084 - ETA1_RANDOMNESS_SIZE= 128
11085 - ETA2= 2
11086 - ETA2_RANDOMNESS_SIZE= 128
11087 */
libcrux_ml_kem_ind_cca_encapsulate_cd(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11088 static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd(
11089 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11090 uint8_t randomness[32U]) {
11091 uint8_t randomness0[32U];
11092 libcrux_ml_kem_variant_entropy_preprocess_d8_63(
11093 Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
11094 uint8_t to_hash[64U];
11095 libcrux_ml_kem_utils_into_padded_array_ea(
11096 Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
11097 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
11098 (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
11099 size_t);
11100 uint8_t ret[32U];
11101 libcrux_ml_kem_hash_functions_portable_H_f1_1a(
11102 Eurydice_array_to_slice((size_t)1184U,
11103 libcrux_ml_kem_types_as_slice_cb_50(public_key),
11104 uint8_t),
11105 ret);
11106 Eurydice_slice_copy(
11107 uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
11108 uint8_t hashed[64U];
11109 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
11110 Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
11111 Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
11112 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
11113 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
11114 Eurydice_slice_uint8_t_x2);
11115 Eurydice_slice shared_secret = uu____1.fst;
11116 Eurydice_slice pseudorandomness = uu____1.snd;
11117 Eurydice_slice uu____2 = Eurydice_array_to_slice(
11118 (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t);
11119 /* Passing arrays by value in Rust generates a copy in C */
11120 uint8_t copy_of_randomness[32U];
11121 memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
11122 uint8_t ciphertext[1088U];
11123 libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness,
11124 pseudorandomness, ciphertext);
11125 /* Passing arrays by value in Rust generates a copy in C */
11126 uint8_t copy_of_ciphertext[1088U];
11127 memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
11128 libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
11129 libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext);
11130 uint8_t shared_secret_array[32U];
11131 libcrux_ml_kem_variant_kdf_d8_41(shared_secret, &ciphertext0,
11132 shared_secret_array);
11133 libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
11134 /* Passing arrays by value in Rust generates a copy in C */
11135 uint8_t copy_of_shared_secret_array[32U];
11136 memcpy(copy_of_shared_secret_array, shared_secret_array,
11137 (size_t)32U * sizeof(uint8_t));
11138 tuple_3c lit;
11139 lit.fst = uu____5;
11140 memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
11141 return lit;
11142 }
11143
11144 /**
11145 A monomorphic instance of
11146 libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
11147 - K= 3
11148 - CIPHERTEXT_SIZE= 1088
11149 - PUBLIC_KEY_SIZE= 1184
11150 - T_AS_NTT_ENCODED_SIZE= 1152
11151 - C1_SIZE= 960
11152 - C2_SIZE= 128
11153 - VECTOR_U_COMPRESSION_FACTOR= 10
11154 - VECTOR_V_COMPRESSION_FACTOR= 4
11155 - VECTOR_U_BLOCK_LEN= 320
11156 - ETA1= 2
11157 - ETA1_RANDOMNESS_SIZE= 128
11158 - ETA2= 2
11159 - ETA2_RANDOMNESS_SIZE= 128
11160 */
11161 static inline tuple_3c
libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11162 libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6(
11163 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11164 uint8_t randomness[32U]) {
11165 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
11166 /* Passing arrays by value in Rust generates a copy in C */
11167 uint8_t copy_of_randomness[32U];
11168 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
11169 return libcrux_ml_kem_ind_cca_encapsulate_cd(uu____0, copy_of_randomness);
11170 }
11171
11172 /**
11173 Encapsulate ML-KEM 768
11174
11175 Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
11176 The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
11177 bytes of `randomness`.
11178 */
libcrux_ml_kem_mlkem768_portable_encapsulate(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11179 static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
11180 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11181 uint8_t randomness[32U]) {
11182 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
11183 /* Passing arrays by value in Rust generates a copy in C */
11184 uint8_t copy_of_randomness[32U];
11185 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
11186 return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6(
11187 uu____0, copy_of_randomness);
11188 }
11189
11190 /**
11191 This function found in impl {(libcrux_ml_kem::variant::Variant for
11192 libcrux_ml_kem::variant::MlKem)#1}
11193 */
11194 /**
11195 A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8
11196 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11197 with const generics
11198 - K= 3
11199 */
libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(Eurydice_slice key_generation_seed,uint8_t ret[64U])11200 static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(
11201 Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
11202 uint8_t seed[33U] = {0U};
11203 Eurydice_slice_copy(
11204 Eurydice_array_to_subslice2(
11205 seed, (size_t)0U,
11206 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t),
11207 key_generation_seed, uint8_t);
11208 seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
11209 (uint8_t)(size_t)3U;
11210 uint8_t ret0[64U];
11211 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
11212 Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
11213 memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
11214 }
11215
11216 /**
11217 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure
11218 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11219 with const generics
11220 - K= 3
11221 */
11222 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_compute_As_plus_e_closure_87(size_t _i)11223 libcrux_ml_kem_matrix_compute_As_plus_e_closure_87(size_t _i) {
11224 return libcrux_ml_kem_polynomial_ZERO_89_ea();
11225 }
11226
11227 /**
11228 A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain
11229 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11230 with const generics
11231
11232 */
11233 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_traits_to_standard_domain_59(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)11234 libcrux_ml_kem_vector_traits_to_standard_domain_59(
11235 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
11236 return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
11237 v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
11238 }
11239
11240 /**
11241 This function found in impl
11242 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
11243 */
11244 /**
11245 A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89
11246 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11247 with const generics
11248
11249 */
11250 static KRML_MUSTINLINE void
libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error)11251 libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03(
11252 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
11253 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
11254 for (size_t i = (size_t)0U;
11255 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
11256 size_t j = i;
11257 libcrux_ml_kem_vector_portable_vector_type_PortableVector
11258 coefficient_normal_form =
11259 libcrux_ml_kem_vector_traits_to_standard_domain_59(
11260 self->coefficients[j]);
11261 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
11262 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
11263 libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
11264 &error->coefficients[j]));
11265 self->coefficients[j] = uu____0;
11266 }
11267 }
11268
11269 /**
11270 Compute  ◦ ŝ + ê
11271 */
11272 /**
11273 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
11274 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11275 with const generics
11276 - K= 3
11277 */
libcrux_ml_kem_matrix_compute_As_plus_e_60(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (* matrix_A)[3U],libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * s_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])11278 static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_60(
11279 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
11280 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
11281 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt,
11282 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
11283 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
11284 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
11285 result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
11286 }
11287 for (size_t i0 = (size_t)0U;
11288 i0 < Eurydice_slice_len(
11289 Eurydice_array_to_slice(
11290 (size_t)3U, matrix_A,
11291 libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]),
11292 libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]);
11293 i0++) {
11294 size_t i1 = i0;
11295 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1];
11296 for (size_t i = (size_t)0U;
11297 i < Eurydice_slice_len(
11298 Eurydice_array_to_slice(
11299 (size_t)3U, row,
11300 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
11301 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
11302 i++) {
11303 size_t j = i;
11304 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
11305 &row[j];
11306 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
11307 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(matrix_element,
11308 &s_as_ntt[j]);
11309 libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1],
11310 &product);
11311 }
11312 libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03(
11313 &result[i1], &error_as_ntt[i1]);
11314 }
11315 memcpy(
11316 ret, result,
11317 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
11318 }
11319
11320 /**
11321 A monomorphic instance of
11322 libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
11323 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
11324
11325 */
11326 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,uint8_t ret[384U])11327 libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(
11328 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
11329 uint8_t serialized[384U] = {0U};
11330 for (size_t i = (size_t)0U;
11331 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
11332 size_t i0 = i;
11333 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
11334 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
11335 re->coefficients[i0]);
11336 uint8_t bytes[24U];
11337 libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
11338 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
11339 serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t);
11340 Eurydice_slice_copy(
11341 uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t);
11342 }
11343 memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t));
11344 }
11345
11346 /**
11347 Call [`serialize_uncompressed_ring_element`] for each ring element.
11348 */
11349 /**
11350 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
11351 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11352 with const generics
11353 - K= 3
11354 - OUT_LEN= 1152
11355 */
libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * key,uint8_t ret[1152U])11356 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(
11357 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
11358 uint8_t ret[1152U]) {
11359 uint8_t out[1152U] = {0U};
11360 for (size_t i = (size_t)0U;
11361 i < Eurydice_slice_len(
11362 Eurydice_array_to_slice(
11363 (size_t)3U, key,
11364 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
11365 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
11366 i++) {
11367 size_t i0 = i;
11368 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0];
11369 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
11370 out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
11371 (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
11372 uint8_t);
11373 uint8_t ret0[384U];
11374 libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(&re, ret0);
11375 Eurydice_slice_copy(
11376 uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
11377 }
11378 memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
11379 }
11380
11381 /**
11382 Concatenate `t` and `ρ` into the public key.
11383 */
11384 /**
11385 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
11386 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11387 with const generics
11388 - K= 3
11389 - RANKED_BYTES_PER_RING_ELEMENT= 1152
11390 - PUBLIC_KEY_SIZE= 1184
11391 */
libcrux_ml_kem_ind_cpa_serialize_public_key_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * t_as_ntt,Eurydice_slice seed_for_a,uint8_t ret[1184U])11392 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_79(
11393 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
11394 Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
11395 uint8_t public_key_serialized[1184U] = {0U};
11396 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
11397 public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t);
11398 uint8_t ret0[1152U];
11399 libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(t_as_ntt, ret0);
11400 Eurydice_slice_copy(
11401 uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t);
11402 Eurydice_slice_copy(
11403 Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized,
11404 (size_t)1152U, uint8_t, size_t),
11405 seed_for_a, uint8_t);
11406 memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
11407 }
11408
11409 /**
11410 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
11411 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11412 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11413 libcrux_ml_kem_variant_MlKem with const generics
11414 - K= 3
11415 - PRIVATE_KEY_SIZE= 1152
11416 - PUBLIC_KEY_SIZE= 1184
11417 - RANKED_BYTES_PER_RING_ELEMENT= 1152
11418 - ETA1= 2
11419 - ETA1_RANDOMNESS_SIZE= 128
11420 */
11421 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed)11422 libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) {
11423 uint8_t hashed[64U];
11424 libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(key_generation_seed, hashed);
11425 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
11426 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
11427 uint8_t, Eurydice_slice_uint8_t_x2);
11428 Eurydice_slice seed_for_A0 = uu____0.fst;
11429 Eurydice_slice seed_for_secret_and_error = uu____0.snd;
11430 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U];
11431 uint8_t ret[34U];
11432 libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret);
11433 libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose);
11434 uint8_t prf_input[33U];
11435 libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error,
11436 prf_input);
11437 /* Passing arrays by value in Rust generates a copy in C */
11438 uint8_t copy_of_prf_input0[33U];
11439 memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
11440 tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(
11441 copy_of_prf_input0, 0U);
11442 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
11443 memcpy(
11444 secret_as_ntt, uu____2.fst,
11445 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
11446 uint8_t domain_separator = uu____2.snd;
11447 /* Passing arrays by value in Rust generates a copy in C */
11448 uint8_t copy_of_prf_input[33U];
11449 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
11450 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
11451 memcpy(
11452 error_as_ntt,
11453 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input,
11454 domain_separator)
11455 .fst,
11456 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
11457 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U];
11458 libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt,
11459 error_as_ntt, t_as_ntt);
11460 uint8_t seed_for_A[32U];
11461 Result_00 dst;
11462 Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]);
11463 unwrap_41_83(dst, seed_for_A);
11464 uint8_t public_key_serialized[1184U];
11465 libcrux_ml_kem_ind_cpa_serialize_public_key_79(
11466 t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t),
11467 public_key_serialized);
11468 uint8_t secret_key_serialized[1152U];
11469 libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt,
11470 secret_key_serialized);
11471 /* Passing arrays by value in Rust generates a copy in C */
11472 uint8_t copy_of_secret_key_serialized[1152U];
11473 memcpy(copy_of_secret_key_serialized, secret_key_serialized,
11474 (size_t)1152U * sizeof(uint8_t));
11475 /* Passing arrays by value in Rust generates a copy in C */
11476 uint8_t copy_of_public_key_serialized[1184U];
11477 memcpy(copy_of_public_key_serialized, public_key_serialized,
11478 (size_t)1184U * sizeof(uint8_t));
11479 libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
11480 memcpy(lit.fst, copy_of_secret_key_serialized,
11481 (size_t)1152U * sizeof(uint8_t));
11482 memcpy(lit.snd, copy_of_public_key_serialized,
11483 (size_t)1184U * sizeof(uint8_t));
11484 return lit;
11485 }
11486
11487 /**
11488 Serialize the secret key.
11489 */
11490 /**
11491 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
11492 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11493 with const generics
11494 - K= 3
11495 - SERIALIZED_KEY_LEN= 2400
11496 */
libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48(Eurydice_slice private_key,Eurydice_slice public_key,Eurydice_slice implicit_rejection_value,uint8_t ret[2400U])11497 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48(
11498 Eurydice_slice private_key, Eurydice_slice public_key,
11499 Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
11500 uint8_t out[2400U] = {0U};
11501 size_t pointer = (size_t)0U;
11502 uint8_t *uu____0 = out;
11503 size_t uu____1 = pointer;
11504 size_t uu____2 = pointer;
11505 Eurydice_slice_copy(
11506 Eurydice_array_to_subslice2(
11507 uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t),
11508 uint8_t),
11509 private_key, uint8_t);
11510 pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
11511 uint8_t *uu____3 = out;
11512 size_t uu____4 = pointer;
11513 size_t uu____5 = pointer;
11514 Eurydice_slice_copy(
11515 Eurydice_array_to_subslice2(
11516 uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t),
11517 uint8_t),
11518 public_key, uint8_t);
11519 pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
11520 Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
11521 out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
11522 uint8_t ret0[32U];
11523 libcrux_ml_kem_hash_functions_portable_H_f1_1a(public_key, ret0);
11524 Eurydice_slice_copy(
11525 uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
11526 pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
11527 uint8_t *uu____7 = out;
11528 size_t uu____8 = pointer;
11529 size_t uu____9 = pointer;
11530 Eurydice_slice_copy(
11531 Eurydice_array_to_subslice2(
11532 uu____7, uu____8,
11533 uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
11534 uint8_t),
11535 implicit_rejection_value, uint8_t);
11536 memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
11537 }
11538
11539 /**
11540 Packed API
11541
11542 Generate a key pair.
11543
11544 Depending on the `Vector` and `Hasher` used, this requires different hardware
11545 features
11546 */
11547 /**
11548 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
11549 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11550 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11551 libcrux_ml_kem_variant_MlKem with const generics
11552 - K= 3
11553 - CPA_PRIVATE_KEY_SIZE= 1152
11554 - PRIVATE_KEY_SIZE= 2400
11555 - PUBLIC_KEY_SIZE= 1184
11556 - BYTES_PER_RING_ELEMENT= 1152
11557 - ETA1= 2
11558 - ETA1_RANDOMNESS_SIZE= 128
11559 */
11560 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U])11561 libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) {
11562 Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
11563 randomness, (size_t)0U,
11564 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
11565 Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from(
11566 (size_t)64U, randomness,
11567 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
11568 size_t);
11569 libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
11570 libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness);
11571 uint8_t ind_cpa_private_key[1152U];
11572 memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
11573 uint8_t public_key[1184U];
11574 memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
11575 uint8_t secret_key_serialized[2400U];
11576 libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48(
11577 Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
11578 Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
11579 implicit_rejection_value, secret_key_serialized);
11580 /* Passing arrays by value in Rust generates a copy in C */
11581 uint8_t copy_of_secret_key_serialized[2400U];
11582 memcpy(copy_of_secret_key_serialized, secret_key_serialized,
11583 (size_t)2400U * sizeof(uint8_t));
11584 libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
11585 libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized);
11586 libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
11587 /* Passing arrays by value in Rust generates a copy in C */
11588 uint8_t copy_of_public_key[1184U];
11589 memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
11590 return libcrux_ml_kem_types_from_17_35(
11591 uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key));
11592 }
11593
11594 /**
11595 Portable generate key pair.
11596 */
11597 /**
11598 A monomorphic instance of
11599 libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
11600 generics
11601 - K= 3
11602 - CPA_PRIVATE_KEY_SIZE= 1152
11603 - PRIVATE_KEY_SIZE= 2400
11604 - PUBLIC_KEY_SIZE= 1184
11605 - BYTES_PER_RING_ELEMENT= 1152
11606 - ETA1= 2
11607 - ETA1_RANDOMNESS_SIZE= 128
11608 */
11609 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5(uint8_t randomness[64U])11610 libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5(
11611 uint8_t randomness[64U]) {
11612 /* Passing arrays by value in Rust generates a copy in C */
11613 uint8_t copy_of_randomness[64U];
11614 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
11615 return libcrux_ml_kem_ind_cca_generate_keypair_8c(copy_of_randomness);
11616 }
11617
11618 /**
11619 Generate ML-KEM 768 Key Pair
11620 */
11621 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U])11622 libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
11623 /* Passing arrays by value in Rust generates a copy in C */
11624 uint8_t copy_of_randomness[64U];
11625 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
11626 return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5(
11627 copy_of_randomness);
11628 }
11629
11630 /**
11631 This function found in impl {(libcrux_ml_kem::variant::Variant for
11632 libcrux_ml_kem::variant::Kyber)}
11633 */
11634 /**
11635 A monomorphic instance of libcrux_ml_kem.variant.kdf_33
11636 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11637 with const generics
11638 - K= 3
11639 - CIPHERTEXT_SIZE= 1088
11640 */
libcrux_ml_kem_variant_kdf_33_f0(Eurydice_slice shared_secret,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11641 static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f0(
11642 Eurydice_slice shared_secret,
11643 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11644 uint8_t kdf_input[64U];
11645 libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input);
11646 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
11647 (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
11648 size_t);
11649 uint8_t ret0[32U];
11650 libcrux_ml_kem_hash_functions_portable_H_f1_1a(
11651 Eurydice_array_to_slice((size_t)1088U,
11652 libcrux_ml_kem_types_as_slice_d4_1d(ciphertext),
11653 uint8_t),
11654 ret0);
11655 Eurydice_slice_copy(
11656 uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
11657 uint8_t ret1[32U];
11658 libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(
11659 Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1);
11660 memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t));
11661 }
11662
11663 /**
11664 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
11665 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11666 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11667 libcrux_ml_kem_variant_Kyber with const generics
11668 - K= 3
11669 - SECRET_KEY_SIZE= 2400
11670 - CPA_SECRET_KEY_SIZE= 1152
11671 - PUBLIC_KEY_SIZE= 1184
11672 - CIPHERTEXT_SIZE= 1088
11673 - T_AS_NTT_ENCODED_SIZE= 1152
11674 - C1_SIZE= 960
11675 - C2_SIZE= 128
11676 - VECTOR_U_COMPRESSION_FACTOR= 10
11677 - VECTOR_V_COMPRESSION_FACTOR= 4
11678 - C1_BLOCK_SIZE= 320
11679 - ETA1= 2
11680 - ETA1_RANDOMNESS_SIZE= 128
11681 - ETA2= 2
11682 - ETA2_RANDOMNESS_SIZE= 128
11683 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
11684 */
libcrux_ml_kem_ind_cca_decapsulate_700(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11685 static inline void libcrux_ml_kem_ind_cca_decapsulate_700(
11686 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11687 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11688 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
11689 Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
11690 (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
11691 Eurydice_slice ind_cpa_secret_key = uu____0.fst;
11692 Eurydice_slice secret_key0 = uu____0.snd;
11693 Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
11694 secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
11695 Eurydice_slice ind_cpa_public_key = uu____1.fst;
11696 Eurydice_slice secret_key = uu____1.snd;
11697 Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
11698 secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
11699 Eurydice_slice_uint8_t_x2);
11700 Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
11701 Eurydice_slice implicit_rejection_value = uu____2.snd;
11702 uint8_t decrypted[32U];
11703 libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value,
11704 decrypted);
11705 uint8_t to_hash0[64U];
11706 libcrux_ml_kem_utils_into_padded_array_ea(
11707 Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
11708 Eurydice_slice_copy(
11709 Eurydice_array_to_subslice_from(
11710 (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
11711 uint8_t, size_t),
11712 ind_cpa_public_key_hash, uint8_t);
11713 uint8_t hashed[64U];
11714 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
11715 Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
11716 Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
11717 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
11718 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
11719 Eurydice_slice_uint8_t_x2);
11720 Eurydice_slice shared_secret0 = uu____3.fst;
11721 Eurydice_slice pseudorandomness = uu____3.snd;
11722 uint8_t to_hash[1120U];
11723 libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash);
11724 Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
11725 (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
11726 uint8_t, size_t);
11727 Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext),
11728 uint8_t);
11729 uint8_t implicit_rejection_shared_secret0[32U];
11730 libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(
11731 Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
11732 implicit_rejection_shared_secret0);
11733 Eurydice_slice uu____5 = ind_cpa_public_key;
11734 /* Passing arrays by value in Rust generates a copy in C */
11735 uint8_t copy_of_decrypted[32U];
11736 memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
11737 uint8_t expected_ciphertext[1088U];
11738 libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted,
11739 pseudorandomness, expected_ciphertext);
11740 uint8_t implicit_rejection_shared_secret[32U];
11741 libcrux_ml_kem_variant_kdf_33_f0(
11742 Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
11743 uint8_t),
11744 ciphertext, implicit_rejection_shared_secret);
11745 uint8_t shared_secret[32U];
11746 libcrux_ml_kem_variant_kdf_33_f0(shared_secret0, ciphertext, shared_secret);
11747 uint8_t ret0[32U];
11748 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
11749 libcrux_ml_kem_types_as_ref_00_24(ciphertext),
11750 Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
11751 Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
11752 Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
11753 uint8_t),
11754 ret0);
11755 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
11756 }
11757
11758 /**
11759 Portable decapsulate
11760 */
11761 /**
11762 A monomorphic instance of
11763 libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const
11764 generics
11765 - K= 3
11766 - SECRET_KEY_SIZE= 2400
11767 - CPA_SECRET_KEY_SIZE= 1152
11768 - PUBLIC_KEY_SIZE= 1184
11769 - CIPHERTEXT_SIZE= 1088
11770 - T_AS_NTT_ENCODED_SIZE= 1152
11771 - C1_SIZE= 960
11772 - C2_SIZE= 128
11773 - VECTOR_U_COMPRESSION_FACTOR= 10
11774 - VECTOR_V_COMPRESSION_FACTOR= 4
11775 - C1_BLOCK_SIZE= 320
11776 - ETA1= 2
11777 - ETA1_RANDOMNESS_SIZE= 128
11778 - ETA2= 2
11779 - ETA2_RANDOMNESS_SIZE= 128
11780 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
11781 */
11782 static inline void
libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11783 libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc(
11784 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11785 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11786 libcrux_ml_kem_ind_cca_decapsulate_700(private_key, ciphertext, ret);
11787 }
11788
11789 /**
11790 Decapsulate Kyber 768
11791
11792 Generates an [`MlKemSharedSecret`].
11793 The input is a reference to an [`MlKem768PrivateKey`] and an
11794 [`MlKem768Ciphertext`].
11795 */
libcrux_ml_kem_mlkem768_portable_kyber_decapsulate(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11796 static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate(
11797 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11798 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11799 libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc(
11800 private_key, ciphertext, ret);
11801 }
11802
11803 /**
11804 This function found in impl {(libcrux_ml_kem::variant::Variant for
11805 libcrux_ml_kem::variant::Kyber)}
11806 */
11807 /**
11808 A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_33
11809 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11810 with const generics
11811 - K= 3
11812 */
libcrux_ml_kem_variant_entropy_preprocess_33_8a(Eurydice_slice randomness,uint8_t ret[32U])11813 static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_8a(
11814 Eurydice_slice randomness, uint8_t ret[32U]) {
11815 libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret);
11816 }
11817
11818 /**
11819 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
11820 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11821 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11822 libcrux_ml_kem_variant_Kyber with const generics
11823 - K= 3
11824 - CIPHERTEXT_SIZE= 1088
11825 - PUBLIC_KEY_SIZE= 1184
11826 - T_AS_NTT_ENCODED_SIZE= 1152
11827 - C1_SIZE= 960
11828 - C2_SIZE= 128
11829 - VECTOR_U_COMPRESSION_FACTOR= 10
11830 - VECTOR_V_COMPRESSION_FACTOR= 4
11831 - VECTOR_U_BLOCK_LEN= 320
11832 - ETA1= 2
11833 - ETA1_RANDOMNESS_SIZE= 128
11834 - ETA2= 2
11835 - ETA2_RANDOMNESS_SIZE= 128
11836 */
libcrux_ml_kem_ind_cca_encapsulate_cd0(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11837 static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd0(
11838 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11839 uint8_t randomness[32U]) {
11840 uint8_t randomness0[32U];
11841 libcrux_ml_kem_variant_entropy_preprocess_33_8a(
11842 Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
11843 uint8_t to_hash[64U];
11844 libcrux_ml_kem_utils_into_padded_array_ea(
11845 Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
11846 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
11847 (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
11848 size_t);
11849 uint8_t ret[32U];
11850 libcrux_ml_kem_hash_functions_portable_H_f1_1a(
11851 Eurydice_array_to_slice((size_t)1184U,
11852 libcrux_ml_kem_types_as_slice_cb_50(public_key),
11853 uint8_t),
11854 ret);
11855 Eurydice_slice_copy(
11856 uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
11857 uint8_t hashed[64U];
11858 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
11859 Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
11860 Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
11861 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
11862 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
11863 Eurydice_slice_uint8_t_x2);
11864 Eurydice_slice shared_secret = uu____1.fst;
11865 Eurydice_slice pseudorandomness = uu____1.snd;
11866 Eurydice_slice uu____2 = Eurydice_array_to_slice(
11867 (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t);
11868 /* Passing arrays by value in Rust generates a copy in C */
11869 uint8_t copy_of_randomness[32U];
11870 memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
11871 uint8_t ciphertext[1088U];
11872 libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness,
11873 pseudorandomness, ciphertext);
11874 /* Passing arrays by value in Rust generates a copy in C */
11875 uint8_t copy_of_ciphertext[1088U];
11876 memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
11877 libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
11878 libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext);
11879 uint8_t shared_secret_array[32U];
11880 libcrux_ml_kem_variant_kdf_33_f0(shared_secret, &ciphertext0,
11881 shared_secret_array);
11882 libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
11883 /* Passing arrays by value in Rust generates a copy in C */
11884 uint8_t copy_of_shared_secret_array[32U];
11885 memcpy(copy_of_shared_secret_array, shared_secret_array,
11886 (size_t)32U * sizeof(uint8_t));
11887 tuple_3c lit;
11888 lit.fst = uu____5;
11889 memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
11890 return lit;
11891 }
11892
11893 /**
11894 Portable encapsulate
11895 */
11896 /**
11897 A monomorphic instance of
11898 libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const
11899 generics
11900 - K= 3
11901 - CIPHERTEXT_SIZE= 1088
11902 - PUBLIC_KEY_SIZE= 1184
11903 - T_AS_NTT_ENCODED_SIZE= 1152
11904 - C1_SIZE= 960
11905 - C2_SIZE= 128
11906 - VECTOR_U_COMPRESSION_FACTOR= 10
11907 - VECTOR_V_COMPRESSION_FACTOR= 4
11908 - VECTOR_U_BLOCK_LEN= 320
11909 - ETA1= 2
11910 - ETA1_RANDOMNESS_SIZE= 128
11911 - ETA2= 2
11912 - ETA2_RANDOMNESS_SIZE= 128
11913 */
11914 static inline tuple_3c
libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11915 libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a(
11916 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11917 uint8_t randomness[32U]) {
11918 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
11919 /* Passing arrays by value in Rust generates a copy in C */
11920 uint8_t copy_of_randomness[32U];
11921 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
11922 return libcrux_ml_kem_ind_cca_encapsulate_cd0(uu____0, copy_of_randomness);
11923 }
11924
11925 /**
11926 Encapsulate Kyber 768
11927
11928 Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
11929 The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
11930 bytes of `randomness`.
11931 */
libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11932 static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(
11933 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11934 uint8_t randomness[32U]) {
11935 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
11936 /* Passing arrays by value in Rust generates a copy in C */
11937 uint8_t copy_of_randomness[32U];
11938 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
11939 return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a(
11940 uu____0, copy_of_randomness);
11941 }
11942
11943 /**
11944 This function found in impl {(libcrux_ml_kem::variant::Variant for
11945 libcrux_ml_kem::variant::Kyber)}
11946 */
11947 /**
11948 A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33
11949 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11950 with const generics
11951 - K= 3
11952 */
libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(Eurydice_slice key_generation_seed,uint8_t ret[64U])11953 static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(
11954 Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
11955 libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, ret);
11956 }
11957
11958 /**
11959 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
11960 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11961 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11962 libcrux_ml_kem_variant_Kyber with const generics
11963 - K= 3
11964 - PRIVATE_KEY_SIZE= 1152
11965 - PUBLIC_KEY_SIZE= 1184
11966 - RANKED_BYTES_PER_RING_ELEMENT= 1152
11967 - ETA1= 2
11968 - ETA1_RANDOMNESS_SIZE= 128
11969 */
11970 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
libcrux_ml_kem_ind_cpa_generate_keypair_fc0(Eurydice_slice key_generation_seed)11971 libcrux_ml_kem_ind_cpa_generate_keypair_fc0(
11972 Eurydice_slice key_generation_seed) {
11973 uint8_t hashed[64U];
11974 libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(key_generation_seed, hashed);
11975 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
11976 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
11977 uint8_t, Eurydice_slice_uint8_t_x2);
11978 Eurydice_slice seed_for_A0 = uu____0.fst;
11979 Eurydice_slice seed_for_secret_and_error = uu____0.snd;
11980 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U];
11981 uint8_t ret[34U];
11982 libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret);
11983 libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose);
11984 uint8_t prf_input[33U];
11985 libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error,
11986 prf_input);
11987 /* Passing arrays by value in Rust generates a copy in C */
11988 uint8_t copy_of_prf_input0[33U];
11989 memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
11990 tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(
11991 copy_of_prf_input0, 0U);
11992 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
11993 memcpy(
11994 secret_as_ntt, uu____2.fst,
11995 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
11996 uint8_t domain_separator = uu____2.snd;
11997 /* Passing arrays by value in Rust generates a copy in C */
11998 uint8_t copy_of_prf_input[33U];
11999 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
12000 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
12001 memcpy(
12002 error_as_ntt,
12003 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input,
12004 domain_separator)
12005 .fst,
12006 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
12007 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U];
12008 libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt,
12009 error_as_ntt, t_as_ntt);
12010 uint8_t seed_for_A[32U];
12011 Result_00 dst;
12012 Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]);
12013 unwrap_41_83(dst, seed_for_A);
12014 uint8_t public_key_serialized[1184U];
12015 libcrux_ml_kem_ind_cpa_serialize_public_key_79(
12016 t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t),
12017 public_key_serialized);
12018 uint8_t secret_key_serialized[1152U];
12019 libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt,
12020 secret_key_serialized);
12021 /* Passing arrays by value in Rust generates a copy in C */
12022 uint8_t copy_of_secret_key_serialized[1152U];
12023 memcpy(copy_of_secret_key_serialized, secret_key_serialized,
12024 (size_t)1152U * sizeof(uint8_t));
12025 /* Passing arrays by value in Rust generates a copy in C */
12026 uint8_t copy_of_public_key_serialized[1184U];
12027 memcpy(copy_of_public_key_serialized, public_key_serialized,
12028 (size_t)1184U * sizeof(uint8_t));
12029 libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
12030 memcpy(lit.fst, copy_of_secret_key_serialized,
12031 (size_t)1152U * sizeof(uint8_t));
12032 memcpy(lit.snd, copy_of_public_key_serialized,
12033 (size_t)1184U * sizeof(uint8_t));
12034 return lit;
12035 }
12036
12037 /**
12038 Packed API
12039
12040 Generate a key pair.
12041
12042 Depending on the `Vector` and `Hasher` used, this requires different hardware
12043 features
12044 */
12045 /**
12046 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
12047 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
12048 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
12049 libcrux_ml_kem_variant_Kyber with const generics
12050 - K= 3
12051 - CPA_PRIVATE_KEY_SIZE= 1152
12052 - PRIVATE_KEY_SIZE= 2400
12053 - PUBLIC_KEY_SIZE= 1184
12054 - BYTES_PER_RING_ELEMENT= 1152
12055 - ETA1= 2
12056 - ETA1_RANDOMNESS_SIZE= 128
12057 */
12058 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U])12059 libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) {
12060 Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
12061 randomness, (size_t)0U,
12062 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
12063 Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from(
12064 (size_t)64U, randomness,
12065 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
12066 size_t);
12067 libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
12068 libcrux_ml_kem_ind_cpa_generate_keypair_fc0(ind_cpa_keypair_randomness);
12069 uint8_t ind_cpa_private_key[1152U];
12070 memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
12071 uint8_t public_key[1184U];
12072 memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
12073 uint8_t secret_key_serialized[2400U];
12074 libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48(
12075 Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
12076 Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
12077 implicit_rejection_value, secret_key_serialized);
12078 /* Passing arrays by value in Rust generates a copy in C */
12079 uint8_t copy_of_secret_key_serialized[2400U];
12080 memcpy(copy_of_secret_key_serialized, secret_key_serialized,
12081 (size_t)2400U * sizeof(uint8_t));
12082 libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
12083 libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized);
12084 libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
12085 /* Passing arrays by value in Rust generates a copy in C */
12086 uint8_t copy_of_public_key[1184U];
12087 memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
12088 return libcrux_ml_kem_types_from_17_35(
12089 uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key));
12090 }
12091
12092 /**
12093 A monomorphic instance of
12094 libcrux_ml_kem.ind_cca.instantiations.portable.kyber_generate_keypair with const
12095 generics
12096 - K= 3
12097 - CPA_PRIVATE_KEY_SIZE= 1152
12098 - PRIVATE_KEY_SIZE= 2400
12099 - PUBLIC_KEY_SIZE= 1184
12100 - BYTES_PER_RING_ELEMENT= 1152
12101 - ETA1= 2
12102 - ETA1_RANDOMNESS_SIZE= 128
12103 */
12104 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b(uint8_t randomness[64U])12105 libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b(
12106 uint8_t randomness[64U]) {
12107 /* Passing arrays by value in Rust generates a copy in C */
12108 uint8_t copy_of_randomness[64U];
12109 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
12110 return libcrux_ml_kem_ind_cca_generate_keypair_8c0(copy_of_randomness);
12111 }
12112
12113 /**
12114 Generate Kyber 768 Key Pair
12115 */
12116 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(uint8_t randomness[64U])12117 libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(
12118 uint8_t randomness[64U]) {
12119 /* Passing arrays by value in Rust generates a copy in C */
12120 uint8_t copy_of_randomness[64U];
12121 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
12122 return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b(
12123 copy_of_randomness);
12124 }
12125
12126 /**
12127 Validate an ML-KEM private key.
12128
12129 This implements the Hash check in 7.3 3.
12130 Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
12131 and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
12132 */
12133 /**
12134 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
12135 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
12136 with const generics
12137 - K= 3
12138 - SECRET_KEY_SIZE= 2400
12139 - CIPHERTEXT_SIZE= 1088
12140 */
libcrux_ml_kem_ind_cca_validate_private_key_e7(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * _ciphertext)12141 static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e7(
12142 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
12143 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
12144 uint8_t t[32U];
12145 libcrux_ml_kem_hash_functions_portable_H_f1_1a(
12146 Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
12147 (size_t)768U * (size_t)3U + (size_t)32U,
12148 uint8_t),
12149 t);
12150 Eurydice_slice expected = Eurydice_array_to_subslice2(
12151 private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
12152 (size_t)768U * (size_t)3U + (size_t)64U, uint8_t);
12153 return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
12154 (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
12155 }
12156
12157 /**
12158 Portable private key validation
12159 */
12160 /**
12161 A monomorphic instance of
12162 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
12163 generics
12164 - K= 3
12165 - SECRET_KEY_SIZE= 2400
12166 - CIPHERTEXT_SIZE= 1088
12167 */
12168 static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext)12169 libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c(
12170 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
12171 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
12172 return libcrux_ml_kem_ind_cca_validate_private_key_e7(private_key,
12173 ciphertext);
12174 }
12175
12176 /**
12177 Validate a private key.
12178
12179 Returns `true` if valid, and `false` otherwise.
12180 */
libcrux_ml_kem_mlkem768_portable_validate_private_key(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext)12181 static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
12182 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
12183 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
12184 return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c(
12185 private_key, ciphertext);
12186 }
12187
12188 /**
12189 A monomorphic instance of
12190 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types
12191 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
12192 - PUBLIC_KEY_SIZE= 1184
12193 - K= 3
12194 */
12195 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd0(size_t _i)12196 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd0(
12197 size_t _i) {
12198 return libcrux_ml_kem_polynomial_ZERO_89_ea();
12199 }
12200
12201 /**
12202 This function deserializes ring elements and reduces the result by the field
12203 modulus.
12204
12205 This function MUST NOT be used on secret inputs.
12206 */
12207 /**
12208 A monomorphic instance of
12209 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
12210 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
12211 - PUBLIC_KEY_SIZE= 1184
12212 - K= 3
12213 */
12214 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330(Eurydice_slice public_key,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])12215 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330(
12216 Eurydice_slice public_key,
12217 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
12218 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
12219 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
12220 deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
12221 }
12222 for (size_t i = (size_t)0U;
12223 i < Eurydice_slice_len(public_key, uint8_t) /
12224 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
12225 i++) {
12226 size_t i0 = i;
12227 Eurydice_slice ring_element = Eurydice_slice_subslice2(
12228 public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
12229 i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
12230 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
12231 uint8_t);
12232 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
12233 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c(
12234 ring_element);
12235 deserialized_pk[i0] = uu____0;
12236 }
12237 memcpy(
12238 ret, deserialized_pk,
12239 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
12240 }
12241
12242 /**
12243 Validate an ML-KEM public key.
12244
12245 This implements the Modulus check in 7.2 2.
12246 Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
12247 `public_key` type.
12248 */
12249 /**
12250 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
12251 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
12252 with const generics
12253 - K= 3
12254 - RANKED_BYTES_PER_RING_ELEMENT= 1152
12255 - PUBLIC_KEY_SIZE= 1184
12256 */
libcrux_ml_kem_ind_cca_validate_public_key_19(uint8_t * public_key)12257 static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19(
12258 uint8_t *public_key) {
12259 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
12260 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330(
12261 Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
12262 uint8_t, size_t),
12263 deserialized_pk);
12264 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
12265 uint8_t public_key_serialized[1184U];
12266 libcrux_ml_kem_ind_cpa_serialize_public_key_79(
12267 uu____0,
12268 Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
12269 uint8_t, size_t),
12270 public_key_serialized);
12271 return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq(
12272 (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
12273 }
12274
12275 /**
12276 Portable public key validation
12277 */
12278 /**
12279 A monomorphic instance of
12280 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
12281 generics
12282 - K= 3
12283 - RANKED_BYTES_PER_RING_ELEMENT= 1152
12284 - PUBLIC_KEY_SIZE= 1184
12285 */
12286 static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b(uint8_t * public_key)12287 libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b(
12288 uint8_t *public_key) {
12289 return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key);
12290 }
12291
12292 /**
12293 Validate a public key.
12294
12295 Returns `true` if valid, and `false` otherwise.
12296 */
libcrux_ml_kem_mlkem768_portable_validate_public_key(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key)12297 static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
12298 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
12299 return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b(
12300 public_key->value);
12301 }
12302
12303 /**
12304 This function found in impl {(core::clone::Clone for
12305 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
12306 */
12307 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_clone_3b(libcrux_ml_kem_vector_portable_vector_type_PortableVector * self)12308 libcrux_ml_kem_vector_portable_vector_type_clone_3b(
12309 libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) {
12310 return self[0U];
12311 }
12312
12313 typedef int16_t libcrux_ml_kem_vector_portable_vector_type_FieldElement;
12314
12315 typedef int16_t
12316 libcrux_ml_kem_vector_portable_arithmetic_MontgomeryFieldElement;
12317
12318 typedef int16_t
12319 libcrux_ml_kem_vector_portable_arithmetic_FieldElementTimesMontgomeryR;
12320
12321 #if defined(__cplusplus)
12322 }
12323 #endif
12324
12325 #define __libcrux_mlkem768_portable_H_DEFINED
12326 #endif
12327
12328
12329 /* rename some types to be a bit more ergonomic */
12330 #define libcrux_mlkem768_keypair libcrux_ml_kem_mlkem768_MlKem768KeyPair_s
12331 #define libcrux_mlkem768_pk_valid_result Option_92_s
12332 #define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_15_s
12333 #define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_55_s
12334 #define libcrux_mlkem768_ciphertext libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s
12335 #define libcrux_mlkem768_enc_result tuple_3c_s
12336 /* defines for PRNG inputs */
12337 #define LIBCRUX_ML_KEM_KEY_PAIR_PRNG_LEN 64
12338 #define LIBCRUX_ML_KEM_ENC_PRNG_LEN 32
12339